Director, Digital Governance

Director, Digital Governance

It's More Than a Career, It's a Mission.
Our people are the foundation of our success. By joining our growing team at Sarah Cannon Research Institute (SCRI), a subsidiary of McKesson, you will have the opportunity to become part of one of the largest community-based cancer programs to advance oncology treatments and improve outcomes for cancer patients across the globe. We look for mission-driven candidates who have a desire to advance the fight against cancer and make a difference in the lives of patients diagnosed with cancer every day.
Our Mission
People who live with cancer – those who work to prevent it, fight it, and survive it – are at the heart of every decision we make. Bringing the most innovative medical minds together with the most passionate caregivers in their communities, we are transforming care and personalizing treatment. Through clinical excellence and cutting-edge research, SCRI is redefining cancer care around the world.
The Director, Digital Governance is SCRI's accountable owner for IT governance, including data, AI and agent governance, in a GxP clinical-research environment — designing and operating the lifecycle controls that govern AI and autonomous agents powering the Agent Factory, in alignment with Enterprise Governance standards. The role also owns SCRI's data governance framework and operates IT SOPs as inspection-defensible controls, embedding governance directly into technology design, delivery, and operations.
This is a hands-on, build-and-run leadership role, directly accountable for design and execution and ensuring governance is actionable, automated where possible, and measurable — providing real-time visibility into AI accountability, data integrity, digital risk, and regulatory readiness through KPI-driven dashboards and inspection-ready controls.
Duties include but are not limited to:
IT Governance & Inspection Readiness

Operate IT SOPs as inspection-defensible controls through ownership, SOP-to-control traceability, change-impact governance, and effectiveness monitoring.
Author, maintain, and operationalize IT SOPs and controlled documents to GxP, 21 CFR Part 11/Annex 11, and ALCOA+ expectations; ensure SCRI is audit- and inspection-ready on a continuous basis.
AI & Agent Governance

Design, build, and operate SCRI's AI and agent governance framework, aligned with Enterprise controls and suitable for a GxP clinical-research environment.
Define and operationalize lifecycle governance for AI and agentic systems: intended-use definition, model and agent documentation (model cards), validation, monitoring of non-deterministic behavior, and retirement/archival.
Establish governance requirements including clinical-expertise review for GxP AI, participant-disclosure handling for AI used in clinical trials, and model-archival protocols.
Partner with the Responsible AI Board/Office and Quality to translate Responsible AI principles into inspection-ready, executable controls for SCRI's Agent Factory use cases.
Data Governance

Own SCRI's data governance framework — policies, standards, and controls for data quality, integrity, lineage, and compliance.
Establish metadata, lineage, classification, and data-quality standards, with access and lifecycle controls embedded in the platforms where data resides.
Serve as the escalation point for data-integrity risks affecting clinical, operational, or regulatory outcomes, ensuring they are surfaced, tracked, and remediated.
Governance Operations & Reporting

Define, build, and operate KPI-driven governance dashboards that give leadership a continuous, evidence-based view of control health, risk, and remediation across data, AI, and agent governance.
Identify gaps, drive corrective actions to closure, and report governance posture to executive leadership.
Leadership & Influence

Serve as SCRI's hands-on governance lead — directly accountable for design and execution, not oversight alone — building toward a future AI Governance Analyst as agent deployments scale.
Communicate complex governance and risk topics clearly to executive leadership, regulators, and non-technical stakeholders; influence outcomes across a matrixed organization without direct authority.
Mandatory: The following are mandatory expectations of all SCRI employees.
Practices and adheres to the "Code of Conduct" philosophy and "Mission and Value Statement."
During your employment with SCRI, you will be routinely assigned training requirements. You are expected to complete any training assignments by the due date.
Minimum Qualifications:
Bachelor's degree in Information Systems, Computer Science, Engineering, or related field.
10+ years experience in IT governance, regulated technology environments, data governance, or enterprise risk.
Working knowledge of the regulatory and quality frameworks governing technology in clinical research, including GxP/GCP, 21 CFR Part 11 and EU Annex 11, ALCOA+ data integrity, and computer system validation/assurance (GAMP 5, CSA).
Demonstrated experience operating in GxP‑regulated clinical, biotech, pharmaceutical, or healthcare environments.
Proven, hands‑on experience authoring, maintaining, and operationalizing IT SOPs and controlled documents within a regulated environment.
Demonstrated ability to define, build, and operate KPI driven governance dashboards
Strong, demonstrated expertise in Data Governance, with a track record of establishing governance frameworks, policies, and controls to ensure data quality, integrity, and compliance
Familiarity with AI Governance and Responsible AI frameworks in regulated environments — for example, the FDA/EMA good machine learning/AI practice principles, the FDA risk-based AI credibility-assessment framework, the EU AI Act, and ISO/IEC 42001; considered a plus, with an expectation to quickly build proficiency on the job.
Ability to communicate complex governance and risk topics clearly to executive leadership, regulators, and non‑technical stakeholders.
Demonstrated capability to operate effectively in matrixed organizations, influencing outcomes without direct authority.
Demonstrated experience partnering with Quality during inspection responses, findings remediation, and CAPAs related to data integrity
This is a remote position based in the United States. Relocation and visa sponsorship are not available.