Senior Director of Compliance and Risk Management

Position Summary 

All staff are employed through the Research Foundation.  This role will be in service to the Research Foundation.

Reporting to the Chief Financial and Administrative Officer of the Research Foundation, the inaugural Senior Director of Compliance and Risk Management (CRM) is responsible for developing, implementing, and overseeing a comprehensive compliance and risk management program for the Research Foundation.  The Senior Director of CRM provides strategic leadership in establishing and maintaining a comprehensive compliance framework as a fiscal sponsor providing services to a program receiving approximately $100 million in funding, of which approximately 60% is federal funds.  This position ensures that all operations—particularly those related to clinical research, sponsored projects, subawards, data management, and financial stewardship—adhere to applicable laws, regulations, sponsor requirements, and institutional policies. 

The Senior Director of CRM serves as the organization’s principal compliance director and works closely with General Counsel, Chief Executive Officer, Chief Strategy Officer, Chief Financial and Administrative Officer, Chief Research Administration Officer, and Chief Research Information Officer to promote a culture of ethics, integrity, accountability, transparency, and regulatory excellence. 

The COG Research Foundation, LLC is a 100% remote employer, though some travel may be required.  Employee must reside within the United States.

Full salary range for this position: $144,278 to $225,289 per year. The typical hiring range for this position is from $144,278 (minimum) to $184,784 (midpoint), based on 100% FTE. The starting salary is determined based on the candidate’s knowledge, skills, experience, as well as, budget availability.

Essential Duties and Responsibilities

Governance and Structure

• Maintain functional independence from operational management.
• Engage with Research Foundation General Counsel. May engage with external legal counsel and subject matter experts with pre-authorization from the Chief Executive Officer.
• Establish and serve as chair (or co-chair) of a compliance and risk committee and provide regular reports to the General Counsel and senior leadership.
• At the direction of the Chief Financial and Administrative Officer and external consultants, ensure systems are in place to maintain compliance with Internal Revenue Service (IRS) regulations for tax-exempt organizations and public disclosure requirements.
• Monitor adherence to State of California nonprofit corporation law and ensure systems are in place to maintain good standing with state regulators.
• Support governance compliance activities and assist the General Counsel with regulatory compliance to ensure governance practices align with applicable nonprofit and regulatory requirements.
• Assist as needed with maintenance of corporate records, by-laws, and governance documentation.

Leadership and Oversight

• Establish and maintain core elements of an effective compliance program consistent with Office of Inspector General (OIG) guidance, including reporting mechanisms, investigation protocols, corrective action processes, and non-retaliation protections.
• Advise leadership on compliance implications of new programs, funding streams, or regulatory developments.
• Ensure full compliance with federal grant requirements including OMB Uniform Guidance (2 CFR 200), National Institutes of Health (NIH) grants policy, and National Cancer Institute (NCI) National Clinical Trials Network (NCTN) standards and guidelines.
• Provide regular compliance and enterprise risk reports to the Board of Advisors or designated Board committee (e.g., Audit, Compliance, or Risk Committee).
• Escalate significant compliance risks to Board leadership when required.
• Maintain documentation of Board-level compliance reporting activities.

Risk Management and Internal Controls

• Lead a risk assessment process, identifying compliance vulnerabilities and mitigation strategies across the organization.
• Develop, implement, and regularly update a comprehensive enterprise risk management framework.
• Oversee compliance investigations, root cause analyses, and corrective action plans, maintaining documentation consistent with audit expectations.
• Assist Chief Financial and Administrative Officer in monitoring organizational insurance program coverage to ensure the entity is appropriately insured for the activities it performs.
• Assist in the development, implementation and oversight of a data governance framework to include security, protection, export control, and retention for data throughout the organization.
• Monitor vendor risk assessment classifications and recommend strategies to improve program.
• Ensure the enterprise regulatory intelligence register undergoes an annual review by affected subject matter experts.
• Assist in monitoring foreign corrupt practices and international anti-bribery compliance.
• Contribute to establishing, implementing and overseeing business continuity and disaster recovery plan.

Ethics, Integrity and Compliance Culture

• Promote a culture of ethical decision-making, continuous improvement, and transparent communication.
• Assist in establishing and managing a confidential reporting mechanism for compliance violations.
• Lead investigation of whistleblower reports concerning potential legal violations and report to General Counsel and/or the Board of Advisors as warranted.
• Assist General Counsel in investigation of potential violations of laws or regulations, and programmatic misconduct, other than whistleblower reports.

Program Clinical Trial Research Activities

• Assist in implementation and monitoring of systems to ensure adherence to FDA regulations (21 CFR Parts 50, 56, 312), Good Clinical Practice (GCP) standards, and International Council for Harmonisation (ICH) guidelines, and protections of human subjects requirements under 45 CFR 46.
• Assist in monitoring compliance with regulations in countries whereby institutions maintain COG membership and participate in COG clinical trials, including international regulatory submissions.
• Assist in monitoring compliance with HIPAA and 21^st Century Cures Act provisions, when applicable.
• Assist in implementation of systems to oversee institutional review board (IRB) coordination and compliance across multi-site trials.
• Participate, and lead as appropriate, in research misconduct or research security allegations or violations.

 Policy Development and Implementation

• Develop and implement compliance and risk policies.
• Oversee organization-wide policy register to ensure policy development, implementation, review cycles, and version control processes are current.
• Ensure all policies align with applicable state and federal rules and regulations including NIH Grants Policy Statement, OIG compliance guidance, and sponsor-specific requirements.

Training and Education

• Participate in the design and ensure implementation of organization-wide compliance training programs, including topics such as ethics, research misconduct, federal cost principles, subrecipient monitoring, time and effort certification, and conflict of interest.
• Oversee maintenance of training records documenting participation demonstrating compliance readiness for audits and review.

Monitoring, Auditing and Reporting

• Establish and oversee internal monitoring of audit programs to assess compliance readiness with regulatory and sponsor requirements.
• Monitor subrecipient compliance program effectiveness for COG member sites spanning multiple countries. Coordinate corrective actions for noncompliance subrecipients.  Ensure FFATA and federal reporting compliance.
• Ensure Sunshine Act Reporting compliance.
• Participate in, and take the lead when appropriate for, the coordination of responses to outside entities including audits (e.g. federal funding, financial, Federal Drug Administration, etc.), industry partner requests for information, Office of Inspector General inquiries, and state regulatory requirement reporting.

Other

• Perform other duties as assigned.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.

Minimum Qualifications

• Ten (10) years of progressively responsible experience in research compliance, risk management, or regulatory affairs, with at least 5 years in a management role.
• Master’s degree in law, compliance, public administration, public health, business administration, or related field, or substitute with bachelor’s degree plus two additional years of related experience.

Other Qualifications

• Extensive experience in an academic, nonprofit 501(c)(3), fiscal sponsor or research organization subject to substantial federal awards (e.g., NIH, DoD, NSF) and adherence to IRS regulations.
• Substantial experience developing and implementing enterprise-wide compliance programs and board-level reporting according to enterprise risk management frameworks (COSO ERM) and OIG Compliance Program Guidance.
• Demonstrated understanding of Uniform Guidance (2 CFR 200) and NIH Grants Policy Statement.
• Deep knowledge of federal research compliance, risk management, and audit principles, including experience managing investigations and responding to audits and regulatory inquiries.
• Knowledge of HIPAA, data security privacy regulations and frameworks.
• Strong analytical and problem-solving skills with a strategic and detail-oriented approach.
• Excellent communication and interpersonal skills, including the ability to convey complex regulatory requirements clearly to diverse audiences.
• Proven ability to foster a culture of compliance and ethical accountability.
• Commitment to continuous improvement and operational excellence.
• Collaboration and respect across interdisciplinary teams.
• Successful history of collaborating with executive leadership and general counsel.
• Demonstrate exceptional integrity and transparency in all research and administrative practices.

Preferred Qualifications

• Experience with clinical research regulatory frameworks and clinical trial compliance requirements, particularly in a cooperative group clinical trial network
• International regulatory experience
• Professional certifications (e.g., CHC, CHRC, CRA, or CCRP)
• Juris Doctor degree

Fair Labor Standard Act (FLSA) Status

This position is classified as exempt based on the job duties. However, based on the FTE, salary level of the employee, or federal/state/local laws, the employee may be classified as nonexempt.