• Supports OCHIN’s External Affairs initiatives, ensuring alignment with team goals and strategic priorities • Leads and manages key projects, collaborates closely with internal teams, members, and external partners • Drives initiatives that advance the mission and impact of the External Affairs department • Independently researches, tracks, and analyzes Federal and State legislation, regulations, and policies affecting healthcare and health IT • Acts as a subject matter expert (SME) on regulatory and compliance issues, supporting organizational compliance and strategic positioning • Prepares high-quality research, policy analysis, and regulatory materials, contributing to advocacy efforts and supporting the organization's broader external affairs strategies

• Take ownership of day-to-day compliance activities across the US and Canada. • Act as the primary escalation point for AML, regulatory, and compliance matters. • Ensure consistent application of global policies, adapted for jurisdiction-specific requirements. • Act as the designated BSA/AML Compliance Officer for the US entity. • Ensure adherence to FinCEN requirements and broader BSA/AML regulatory expectations. • Oversee SAR reporting, transaction monitoring, and investigative frameworks. • Maintain and enhance the effectiveness of the US AML programme. • Take full operational ownership of compliance in Canada, including: FINTRAC requirements under PCMLTFA • Oversee regulatory reporting, audits, and regulator engagement. • Ensure all aspects of Canadian compliance are effectively managed and embedded. • Manage regulatory reporting obligations across both jurisdictions. • Coordinate and manage internal and external audits and regulatory examinations. • Partner with Sales, Operations, and Global Compliance teams to embed compliance across all activities. • Manage and develop North America compliance resources.

Title: Director, Regulatory Affairs CMC Location: United States Job Description: For the past 20 years, ProPharma has improved the health and wellness of patients by providing advice and expertise that empowers biotech, med device, and pharmaceutical organizations of all sizes to confidently advance scientific breakthroughs and introduce new therapies. ProPharma partners with its clients through an advise-build-operate model across the complete product lifecycle. With deep domain expertise in regulatory sciences, clinical research solutions, quality & compliance, pharmacovigilance, medical information, and R&D technology, ProPharma offers an end-to-end suite of fully customizable consulting solutions that de-risk and accelerate our partners’ most high-profile drug and device programs. The Director, Regulatory Affairs – Chemistry, Manufacturing, and Controls (CMC) is a senior-level contractor role responsible for defining and executing global CMC regulatory strategies across Dyne’s development programs, from early-stage development through commercialization and post-approval lifecycle management. This individual will serve as a strategic leader and subject matter expert (SME), ensuring high-quality, compliant, and globally aligned CMC regulatory submissions. The role will partner closely with Manufacturing, Quality, Clinical Operations, and Program Teams to support clinical registration, commercial readiness, and ongoing regulatory compliance. The position requires a highly experienced regulatory professional capable of operating independently, influencing cross-functional stakeholders, and driving complex regulatory strategies while meeting critical timelines in a fast-paced, dynamic biotech environment. Primary Responsibilities Include: - Lead and execute global CMC regulatory strategies across all phases of development, including IND, IMPD, BLA/MAA, and post-approval lifecycle activities - Provide strategic regulatory guidance to Manufacturing and Quality teams to ensure global compliance and readiness for clinical and commercial supply - Oversee the planning, development, and delivery of CMC sections for global regulatory submissions, including responses to Health Authority (HA) questions - Manage regulatory activities related to clinical and commercial manufacturing changes, ensuring alignment with global requirements - Ensure CMC regulatory content aligns with evolving regulatory expectations, guidance, and policy trends across regions - Coordinate global submissions, product registration maintenance, and change control activities throughout the product lifecycle - Partner cross-functionally with Manufacturing, Quality, Clinical Operations, and Program Teams to deliver key regulatory milestones - Proactively identify regulatory risks and develop mitigation strategies to support program success - Leverage deep regulatory expertise to anticipate challenges and drive effective, forward-looking solutions - Contribute to organizational regulatory knowledge by sharing insights, lessons learned, and best practices Education and Skills Requirements: - Bachelor’s degree in Life Sciences or a related scientific discipline required; advanced degree (MS/PhD) preferred - Minimum of 10+ years of experience in biotechnology or pharmaceutical industry, including at least 7+ years in Regulatory Affairs with strong focus on CMC - Demonstrated experience leading CMC sections of global regulatory submissions, including biologics marketing applications (BLA/MAA) - Strong experience supporting global regulatory filings and health authority interactions (e.g., FDA, EMA, and other international agencies) - Deep understanding of CMC regulatory requirements across clinical development, commercialization, and lifecycle management - Strong working knowledge of FDA regulations, ICH guidelines, and global regulatory frameworks - Experience with EU and international regulatory requirements for both clinical and commercial programs is preferred - Extensive experience with CTD structure, content, and global submission requirements - Proven ability to independently manage multiple complex regulatory programs in a fast-paced environment - Strong strategic thinking and problem-solving skills, with the ability to balance scientific, operational, and regulatory considerations - Excellent written and verbal communication skills, including regulatory writing and executive-level communication - Demonstrated ability to influence cross-functional stakeholders and senior leadership without direct authority - High level of attention to detail with strong commitment to quality and compliance - Ability to drive timelines, meet firm deadlines, and adapt quickly to changing requirements and priorities - Ability to work independently and operate in a highly autonomous manner with minimal oversight - Candidates must demonstrate recent, hands-on experience supporting CMC regulatory activities within regulated life sciences environments Engagement Details: - Contract Duration: 12-month contract with potential for extension based on performance and business needs - Engagement Type: Full-time contractor (FTE-equivalent) - Time Zone Required: EST hours - Location / Delivery Model: Primarily remote, with potential for occasional on-site presence in Waltham, MA as needed - Travel: May be required for end-user training and key project phases We celebrate our differences and strive to create a workplace where each person can be their authentic self. We are committed to diversity, equity, and inclusion. Employees are encouraged to unleash their innovative, collaborative, and entrepreneurial spirits. With a holistic approach as an Equal Opportunity Employer, we provide a safe space where all employees feel empowered to succeed. All applications to roles at ProPharma are personally reviewed by a member of our recruitment team. We do not rely on AI screening tools to support our hiring process. You will always receive an outcome to your application so that you have an answer from us - whether you're successful or not. Whilst ProPharma supports remote working, we also recognise the value that comes from in person collaboration. As such, we encourage any new hires that are based within a reasonably short commute of one of our offices to work on a hybrid basis and spend some time working from that office location, as agreed with your manager. All applications will be treated on their own merit and candidates will not be at any advantage or disadvantage based on their proximity to an office. ***ProPharma Group does not accept unsolicited resumes from recruiters/third parties. Please, no phone calls or emails to anyone regarding this posting.***

Title: GRC Analyst Location: United States Job Description: About Zone & Co: Zone & Co is on a mission to empower finance professionals to drive strategic growth through seamless, intelligent operations. We build cloud-native software solutions on Oracle NetSuite, automating complex financial processes like billing, accounts payable, reporting, and reconciliation. Our vision is to unlock the full strategic potential of finance by infusing the ERP with the intelligence and automation needed for truly transformative operations. Join our rapidly growing team as we redefine financial efficiency for scaling businesses worldwide. The Role: We are seeking a meticulous and proactive Security and Privacy Compliance Analyst to help safeguard our organization and our customers' data. Reporting directly to the Director of IT, Security and Compliance, you will play a critical role in maturing our governance, risk, and compliance (GRC) programs. In this position, you will bridge the gap between technical security controls and regulatory requirements, ensuring that Zone & Co's rapidly expanding suite of financial software maintains the highest standards of data protection and privacy. This role requires a strong foundational knowledge of major security frameworks and privacy regulations, a keen eye for detail in auditing internal processes, and the ability to clearly communicate compliance postures to both internal engineering teams and enterprise customers. Essential Job Functions: - Compliance Framework Governance: Lead the management and continuous scaling of Zone & Co’s core security compliance frameworks, specifically SOC 2 Type II and ISO 27001. - Privacy Operations Leadership: Govern global data privacy operations to ensure strict, ongoing alignment with GDPR, CCPA/CPRA, and other emerging data protection laws. - Customer Trust & Revenue Enablement: Serve as the primary security liaison for enterprise customers, directly supporting the sales cycle by demonstrating and communicating a robust, mature security posture. - Risk & Audit Management: Manage the organization's internal audit program and oversee the third-party vendor risk lifecycle to proactively identify and mitigate vulnerabilities. Responsibilities, Duties, and Tasks: - Audit Coordination: Coordinate evidence collection, manage project timelines, and partner directly with external auditors during annual compliance assessments. - Privacy Assessments: Conduct Data Privacy Impact Assessments (DPIAs) for new products and process Data Subject Access Requests (DSARs) within mandated SLAs. - Questionnaires & Trust Center: Accurately and efficiently complete incoming vendor security questionnaires from prospects and maintain up-to-date documentation in our customer-facing Trust Center. - Internal Control Testing: Design and execute internal audits to test whether technical and administrative controls are operating effectively. Track control gaps and drive engineering/IT remediation efforts. - Vendor Risk Reviews: Evaluate the security and privacy postures of prospective and existing third-party vendors and sub-processors through comprehensive risk assessments. - Policy & Training Development: Draft, update, and publish internal security policies, standard operating procedures (SOPs), and incident response plans. Develop and administer engaging company-wide security and privacy awareness training. What You'll Bring (Qualifications and Experience): - Experience: 3+ years of direct experience in IT Audit, Information Security, Privacy Operations, or GRC (Governance, Risk, and Compliance), preferably within a B2B SaaS, FinTech, or cloud technology environment. - Deep Domain Expertise: Hands-on experience working with established compliance frameworks (SOC 2, ISO 27001) and navigating global privacy legislation (GDPR, CCPA). - SaaS/Cloud Acumen: A solid understanding of cloud computing architectures (AWS, Azure, GCP) and enterprise software environments. Familiarity with ERP systems (like NetSuite) is a strong plus. - Analytical & Problem-Solving Skills: Proven ability to translate complex regulatory requirements into actionable, practical controls for IT and engineering teams without stifling innovation. - Exceptional Communication: Outstanding written and verbal communication skills. You must be able to write clear policies, translate technical risks for business leaders, and confidently answer complex customer security questions. - Education & Certifications: Bachelor’s degree in Information Systems, Cybersecurity, Business, or a related field. Relevant industry certifications such as CISA, CISM, CIPP/E, CIPP/US, or Security+ are highly preferred. Benefits At Zone, our benefits are designed to enrich your life beyond the workplace. Recognizing that work is just a fraction of your overall life experience, we are dedicated to providing robust support. As a fully remote company, we prioritize flexibility and balance. Explore our comprehensive list of benefits at Zoneandco.com. Zone and Co is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity, or any other factor protected by applicable federal, state, or local laws. We strongly encourage candidates of all different backgrounds and identities to apply. This is an opportunity for us to bring in a different perspective and we’re eager to further diversify our company. Zone & Co is committed to building an equitable, inclusive, and supportive place for you to do some of the greatest work of your career. #LI-Remote