Revolution Medicines is a late-stage clinical oncology company developing novel targeted therapies for patients with RAS-addicted cancers. The company’s R&D pipeline comprises RAS(ON) inhibitors designed to suppress diverse oncogenic variants of RAS proteins. The company’s RAS(ON) inhibitors daraxonrasib (RMC-6236), a RAS(ON) multi-selective inhibitor; elironrasib (RMC-6291), a RAS(ON) G12C-selective inhibitor; zoldonrasib (RMC-9805), a RAS(ON) G12D-selective inhibitor; and RMC-5127, a RAS(ON) G12V-selective inhibitor, are currently in clinical development. As a new member of the Revolution Medicines team, you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.
The Opportunity:
We are seeking an experienced and strategic leader to serve as Director, Information Sciences Governance, Risk & Compliance (IS GRC), reporting directly to the VP, IS Security, Risk, and Compliance. This person will be responsible for leading and maturing the IS GRC program, ensuring that IS governance processes, technology risk management practices, third-party risk management, and compliance activities effectively support business objectives and protect the organization.
As a key leader within Information Sciences, this individual will partner closely with Security, Infrastructure, Enterprise Applications, Data & Analytics, Legal, Privacy, Quality, Finance, HR, Procurement, and other cross-functional stakeholders to establish a scalable and pragmatic IS GRC framework. They will help the organization navigate a dynamic regulatory, technology, and business environment by strengthening controls, driving compliance readiness, improving risk visibility, managing third-party risk, and enabling informed decision-making across IS.
This role is ideal for a leader who can balance strategic program development with operational execution, build trusted partnerships across the organization, and translate regulatory, technical, and control requirements into practical processes that enable the business.
Key Responsibilities:
- IS GRC Program Leadership: Lead and evolve the Information Sciences Governance, Risk & Compliance program, including policies, standards, risk frameworks, compliance processes, and reporting.
- IS Governance: Develop, implement, and maintain governance structures, policies, standards, and procedures to support IS objectives, regulatory obligations, and internal accountability.
- Technology Risk Management: Establish and manage processes to identify, assess, prioritize, track, and report key IS, cybersecurity, data, third-party, and operational risks. Partner with stakeholders to develop mitigation and remediation plans.
- Third-Party Risk Management: Lead and mature the third-party risk management program for Information Sciences, including risk assessment and oversight of vendors, service providers, and technology partners. Partner with Procurement, Legal, Security, Privacy, and business stakeholders to evaluate third-party controls, contractual requirements, and remediation plans to ensure third-party services meet company risk and compliance expectations.
- Compliance Management: Oversee IS compliance initiatives related to applicable laws, regulations, contractual obligations, and internal policies. Coordinate control assessments, compliance reviews, and readiness efforts for audits and inspections.
- Internal Controls: Partner with IS and business teams to design, document, evaluate, and improve IT and IS-related controls and monitor their effectiveness over time.
- Policy and Standards Management: Drive the development, review, communication, and maintenance of IS policies, standards, baselines, and related procedures to ensure consistency, usability, and alignment with company requirements.
- Audit and Assessment Support: Coordinate and support internal and external audits, risk assessments, and evidence requests related to Information Sciences systems, processes, and controls. Track observations and corrective actions through closure.
- Cross-Functional Partnership: Build strong relationships across the business to understand technology risks, compliance obligations, and operational challenges, and to promote a culture of accountability and continuous improvement.
- Metrics and Reporting: Develop meaningful dashboards, metrics, and executive reporting to communicate IS program health, compliance posture, risk trends, and remediation progress to senior leadership.
- Training and Awareness: Promote awareness of IS governance, risk, and compliance responsibilities across Information Sciences and the broader organization through communication, training, and stakeholder engagement.
- Continuous Improvement: Stay informed about emerging regulations, industry trends, and best practices in IT/IS governance, cybersecurity compliance, privacy, and risk management, and incorporate them into program enhancements.
- This person will a