This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Senior Manager, Advertising and Promotion - Regulatory Affairs will join the Legal team and serve as an advertising reviewer, while also supporting claims development and substantiation efforts. This role requires a strong foundation in FDA laws and regulations governing the advertising and promotion of prescription drug products, with the opportunity to apply those rules in new and evolving spaces like telehealth. The Senior Manager will work cross-functionally with Growth, Brand & Creative, and Clinical teams, and should be comfortable collaborating across disciplines, juggling multiple projects, and moving quickly as the business evolves. The ideal candidate is smart, collegial, adaptable, and enjoys translating complex regulatory requirements into practical guidance. What You'll Do: - Participate in Ro’s cross-functional advertising review process, evaluating creative assets for FDA advertising and promotion compliance, including social media ads, website content, TV and audio spots, and out-of-home advertising. - Serve as an internal subject matter expert on FDA advertising and promotion requirements. - Stay abreast of changes in FDA regulations and industry trends in health product advertising. - Maintain company-wide advertising and promotion guidelines and deliver related trainings. Qualifications - PharmD, strongly preferred - or MS, with significant experience in regulatory affairs - PharmD fellowship, preferred - 7+ years of pharmaceutical industry experience - Deep knowledge of FDA advertising and promotional regulations and guidance is necessary - Must be able to innovate, analyze, and solve problems with minimal supervisory input - Excellent communication, listening, and negotiation skills - Excellent organizational and time management skills needed to manage multiple ongoing projects simultaneously - Outstanding attention to detail Benefits - Full medical, dental, and vision insurance + OneMedical membership - Healthcare and Dependent Care FSA - 401(k) with company match - Flexible PTO - Wellbeing + Learning & Growth reimbursements - Paid parental leave + Fertility benefits - Pet insurance - Student loan refinancing - Virtual resources for mindfulness, counseling, and fitness Compensation The target base salary for this position ranges from $154,300 - $192,500, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary. Work Environment Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites). Diversity and Inclusion At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.

• Oversee programs and activities related to maintaining PCI compliance and maintaining a favorable status with VISA and MasterCard • Provide oversight regarding audit, regulatory, and risk management activities across cyber functional areas, such as the development and maintenance of regulatory documentation (e.g., PCI DSS AOC). • Monitor and analyze technology risk trends, and recommend appropriate technology policies, procedures, and practices to strengthen internal operations. • Oversee compliance programs for cyber frameworks (e.g., NIST CSF). • Direct functional teams in development, implementation, monitoring, and reporting of control processes, documentation, and compliance routines • Oversee and coordinate information technology and security components of both internal and external audits, federal and state examinations, and client onsite audits • Collaborate with Marketing/Communications teams in preparing information security messaging for internal and Credit Union distribution. • Respond to financial institution audits, due diligence inquiries, and documentation requests. • Oversee Vendor Partner Oversight functions (e.g., contract reviews, technology risk assessments, site audits) • Oversee technology compliance reporting functions (e.g., quarterly ASV scans, AOC). • Oversee activities of professional services firms (e.g., QSAs, QIRAs) in conducting technology compliance and security engagements. • Serve as subject matter authority on industry regulatory environment and technology risk management practices. • Report on and monitor Key Performance Indicators (KPIs). • Set strategy and roadmaps for how identity is implemented and used across the business. • Manage a team of Compliance professionals and ensure performance goals are monitored and managed. • Oversee access attestations and ensure they are performed in a timely manner. • Demonstrate behaviors based on Velera values: Dedication, Collaboration, Belonging, Curiosity, and Integrity. • Perform other duties as assigned.

• Own, manage and oversee UDAP policy and requirements relating to business client interactions • Ownership and maintenance of internal policy regarding prevention of unfair and deceptive practices • Review of public facing marketing materials of companies in scope • Management and execution of Compliance’s complaint management oversight program • Manage and execute day-to-day code of conduct and business ethics compliance and framework • Managing ethics inbox and hotline, evaluating concerns reported to Ethics Committee • Effectively manage UDAP and code of conduct investigations • Develop employee training, in collaboration with eLearning • Identify and report trends, significant matters and compliance issues • Develop reporting, including charts/analyses to highlight trends, correlations and key issues • Make appropriate recommendations to improve controls and systems • Additional duties as assigned

• Senior-level SAP GRC expertise utilizing 10–12 years of relevant experience. • Leading SAP application security design, implementation, and support focusing on SAP ECC, S/4 HANA, SAP Governance, Risk, and Compliance (GRC) Access Controls. • Conducting all SAP Security tasks including role design, testing, auditing, user account management, troubleshooting SAP Security solutions across SAP Systems. • Implementing best Practices solutions for SAP Security change management controls and ensuring SOX compliance standards are met. • Implementing and configuring SAP GRC Access Controls modules and supporting GRC Implementation of projects. • Managing SAP Security and GRC environments for onshore/offshore teams and collaborating with multiple teams for overall delivery.