• Determine the inherent risk tier (Tier 1, Tier 2, or Tier 3) for every third party prior to contracting or engagement, consistent with the criteria defined in TPRM02. • Perform and document inherent risk assessments during onboarding, according to the policy reassessment schedule (annual for Tier 1 and bi-annual for Tier 2 vendors), and whenever a material change occurs in the vendor relationship. • Administer the due diligence process, including the issuance and evaluation of vendor due diligence questionnaires (DDQs), SOC 1 and SOC 2 reports, financial statements, insurance certificates, business continuity and information security documentation, and licensing or regulatory standing. • Maintain the authoritative third-party inventory, including assigned risk tier, services provided, data classification, system access, contract status, and all supporting documentation. • Administer the Company’s vendor management software platform, including profile setup, document collection, workflow configuration, expiration tracking, contract repository management, and audit history maintenance. • Monitor all vendors, contractors, and third-party counterparties against the FHFA Suspended Counterparty List (SCL) prior to engagement and on a recurring monthly basis; immediately escalate any matches to General Counsel and Compliance. • Coordinate contract reviews with Legal to ensure all required clauses are included, including information security, confidentiality, audit rights, subcontracting, breach notification, business continuity, termination, and return or destruction of data provisions. • Track and report vendor incidents, performance issues, breaches, and remediation activities; communicate findings to business owners and escalate material concerns to the Risk Management Committee. • Maintain documentation of vendor reviews, due diligence activities, identified risks, and required remediation efforts; provide training to business owners on intake and approval workflows. • Administer the vendor termination process, including coordination of the return of Company property and the return or destruction of Company data and information in accordance with legal and regulatory requirements. • Document and route policy exceptions for approval by the Third-Party Risk Manager and, when required, the Risk Management Committee. • Prepare periodic TPRM reporting and performance metrics for senior leadership, the Risk Management Committee, internal audit, external examiners, investors, and warehouse lenders. • Support audits and regulatory examinations by producing vendor inventories, risk assessments, due diligence files, and program documentation upon request. • Coordinate with the AI Governance Committee on due diligence and risk tiering activities related to third-party AI solutions and AI-enabled vendor features, consistent with RAIG01 Section 10. • Lead the annual review of the Third-Party Risk Management Policy (TPRM02) and recommend revisions for approval. • Perform other duties and responsibilities as assigned.

• Execute and support periodic access certification and attestation campaigns (Access Attestation), including monitoring, stakeholder follow-up, and managing required remediations. • Analyze access and identity data to identify: inactive or obsolete accounts; inappropriate access; permission anomalies; segregation-of-duties violations; absence of owners for accesses or groups. • Perform onboarding of new applications and groups into the Identity Governance (IGA) platform, in collaboration with application owners and certifiers. • Prepare and maintain process documentation, evidence, and controls related to access governance. • Support internal and external audits by providing required evidence and documentation. • Collaborate with Security, Infrastructure, and Operations teams, as well as application owners, to resolve access management issues. • Contribute to automation and continuous improvement initiatives using tools such as PowerShell, Power Automate, and AI-based solutions. • Monitor KPIs, metrics, and reports related to Identity and Access Governance.

• Specialize in audit planning and risk coverage • Create innovative, thought provoking, and highly leveraged “must-have insights” content • Develop new insights and ideas through thought leadership and offer compelling, actionable approaches to client's needs and requests that accelerate the client's ability to act • Develop in-depth analysis to identify the root cause of a client’s barriers or overall needs and reframe thinking to drive strategy forward • Demonstrate thought leadership in establishing insights positions across a team of analysts • Bring provocative, independent insights to Gartner leaders that can evolve the course of a research agenda • Research, analyze and predict market trends and shifts to provide clients and vendors with actionable insights • Provide clients and prospects with actionable advice aligned to their designated content area via virtual or face-to-face interactions • Create and deliver high value presentation materials on and off stage for Gartner events, industry and professional association conferences, and client briefings • Support BTI and Sales: Provide sales support serving as voice of the market to help Insights teams create content and to drive engagement with clients to make progress against their critical priorities to grow their business • Provide high quality and timely content peer review • Build credibility as an industry expert to represent Gartner insights, methodology and strategy • Actively participate in innovation, ideation, and research discussions and collaborate effectively with peers in the Insights community • Identify research process improvements or develop new processes that help the team and BTI provide excellent service delivery • Be a mentor and a coach by supporting more junior team members • Be client-centric while actively seeking to help clients engage regularly and often with Gartner insights and interactions

Role Description The role involves managing clinical quality and risk-based quality frameworks, ensuring compliance with regulatory standards, and promoting a culture of quality across clinical trials. - Clinical Quality Management & Risk-Based Quality Framework - Design, implement, and continuously refine the NCCT clinical quality management approach. - Develop and operationalize risk-based quality management (RBQM) frameworks across clinical trial activities. - Define and maintain risk assessment methodologies to proactively identify and mitigate operational and compliance risks. - Establish standardized quality control processes embedded within clinical trial workflows. - Ensure consistent application of quality practices across sites, studies, and functional teams. - Centralized Monitoring & Data-Driven Quality Oversight - Develop and oversee centralized statistical monitoring programs to identify data anomalies, trends, and potential quality risks. - Establish key quality indicators (KQIs) and dashboards to monitor performance across clinical trials. - Provide real-time visibility into quality trends, risks, and performance gaps to NCCT leadership. - Partner with Technology and data teams to enhance analytics, reporting infrastructure, and automation capabilities. - Leverage data to enable proactive decision-making and early issue detection. - Quality Control, Issue Management & Continuous Improvement - Oversee quality control activities across clinical trial processes to ensure adherence to SOPs and protocol requirements. - Identify, track, and trend deviations, issues, and quality events across studies and sites. - Coordinate root cause analysis and corrective and preventive actions (CAPA) in collaboration with functional teams and enterprise QA. - Facilitate operational ownership and escalation of CAPAs, protocol deviations, and quality risks. - Drive continuous improvement initiatives to address systemic issues and enhance operational performance. - Ensure quality insights are translated into standardized processes and best practices. - Training, Investigator Enablement & Quality Culture - Partner with Clinical Trial Operations and enterprise stakeholders to reinforce training and competency development for investigators and study teams. - Identify common quality risks associated with new or inexperienced investigators and implement mitigation strategies. - Support development of training reinforcement mechanisms aligned with protocol adherence and regulatory expectations. - Promote a culture of quality, accountability, and operational discipline across NCCT. - Enterprise Quality, Regulatory & Compliance Coordination - Serve as the primary NCCT interface with enterprise regulatory, research QA, and corporate compliance functions. - Participate in cross-functional governance forums and establish standardized escalation and communication pathways. - Ensure alignment with enterprise policies, SOPs, and regulatory frameworks. - Proactively engage enterprise stakeholders in the design and execution of new operational models, studies, and initiatives. - Coordinate escalation of quality issues, risks, and compliance concerns through appropriate enterprise channels. - Support definition and execution of clear roles, responsibilities, and escalation pathways. - Partner with enterprise patient safety and quality teams to ensure relevant clinical trial quality and safety insights are communicated. - Inspection Readiness, Audit Support & Governance - Partner with enterprise QA and compliance teams to support inspection readiness and audit preparedness. - Provide operational quality insights, documentation, and data to support internal and external audits. - Participate in enterprise quality governance forums, including risk assessments, quality councils, and performance reviews. - Ensure NCCT maintains readiness for regulatory inspections through consistent application of quality practices. - Support responses to audit findings and regulatory inquiries in coordination with enterprise stakeholders. - Cross-Functional Integration & Operational Alignment - Embed quality principles across NCCT functions, including Clinical Trial Operations, Real World Data & Evidence, Business Development, and Technology. - Ensure quality considerations are incorporated into study feasibility, start-up, execution, and closeout. - Coordinate with enterprise shared services to address cross-functional risks. - Identify and resolve gaps in ownership, communication, and execution across functions. - Support scalable, standardized operating models that enable efficient growth without compromising quality. Qualifications - Bachelor’s degree in life sciences, healthcare, or a related field required. Requirements - 7+ years of experience in clinical research, quality management, or related roles within healthcare or life sciences. - Demonstrated experience in clinical quality management, risk-based monitoring, or centralized monitoring. - Experience operating within regulated environments (e.g., FDA, ICH-GCP). - Experience working within complex, matrixed organizations. - Experience collaborating with regulatory, compliance, or audit functions in a healthcare or research setting. Benefits - Paid Time Off programs. - Health and welfare benefits such as medical, dental, vision, life, and Short- and Long-Term Disability. - Flexible Spending Accounts for eligible health care and dependent care expenses. - Family benefits such as adoption assistance and paid parental leave. - Defined contribution retirement plans with employer match and other financial wellness programs. - Educational Assistance Program.