Director, IT Governance, Risk, and Compliance (GRC)

Company Overview

Tango Therapeutics is a biotechnology company dedicated to discovering novel drug targets and delivering the next generation of precision medicine for the treatment of cancer.

Using an approach that starts and ends with patients, Tango leverages the genetic principle of synthetic lethality to discover and develop therapies that take aim at critical targets in cancer.

This includes expanding the universe of precision oncology targets into novel areas such as tumor suppressor gene loss and their contribution to the ability of cancer cells to evade immune cell killing.

The Tango labs and offices are located at 201 Brookline Avenue, in the Fenway area of Boston, Massachusetts.

Summary:

Reporting directly to the Head of IT, the Director, IT GRC will be responsible for establishing, maintaining, and operating Tango Therapeutics’ IT governance, risk management, and compliance framework.

This role serves as the primary IT authority for regulatory compliance, IT risk management, policy governance, and validation oversight within a regulated biotechnology environment. The individual will work closely with Quality, Clinical, Finance, Legal, and external partners to ensure Tango’s IT systems, controls, and processes meet applicable regulatory and business requirements.

This role combines strategic leadership, program ownership, and hands-on execution, appropriate for a growing organization. In addition to governance and compliance responsibilities, this role will provide project management leadership for IT initiatives, ensuring projects are delivered on time, within budget, and in compliance with regulatory expectations. Success in this role is measured by sustained audit readiness, effective risk management, and the establishment of scalable IT governance practices that support Tango’s long-term objectives.

This is a full-time, on-site position based in Boston, MA.

Your role:

• IT Governance & Policy Management

• Own the development, maintenance, and enforcement of IT policies, SOPs, work instructions, and department- and company-wide processes

• Establish and maintain a scalable IT governance framework aligned with company growth and regulatory expectations

• Ensure policies and procedures align with industry best practices and regulatory standards, including NIST, GxP, and SOX

• Partner with IT and business stakeholders to operationalize governance requirements across the organization

• IT Risk Management

• Lead IT risk identification, assessment, and mitigation activities across systems and processes

• Support enterprise risk management initiatives as they relate to IT, cybersecurity, and regulated systems

• Ensure IT risks are documented, tracked, and addressed in a risk-based and pragmatic manner

• Align IT risk management practices with recognized frameworks such as NIST

• Regulatory Compliance

• Serve as the primary IT owner for external regulatory compliance initiatives, including SOX, GxP, EU Annex 11, and other applicable U.S., EU, and UK regulations

• Ensure IT controls are designed, implemented, and operating effectively to support audit and inspection readiness

• Act as a key IT liaison during internal audits, external audits, and regulatory inspections

• Manage IT-related audit responses, findings, and corrective and preventive actions (CAPAs)

• IT Validation & Quality Oversight

• Oversee IT system validation activities for new and existing systems in regulated environments

• Ensure validation documentation, testing, approvals, and traceability are completed in a compliant and inspection-ready manner

• Own or support IT change control processes, ensuring changes are properly assessed, approved, tested, and documented

• Partner closely with Quality and system owners to ensure validation activities meet regulatory and company standards

• IT Project Management

• Provide governance and oversight for IT initiatives, ensuring delivery aligns with compliance, risk, and business priorities

• Integrate compliance, validation, and risk considerations into project planning and execution

• Coordinate with internal teams and external vendors to drive accountability and delivery

• Track project risks, dependencies, and milestones, escalating issues as appropriate

• Vendor & Third-Party Oversight

• Support IT vendor qualification and oversight activities in partnership with Quality

• Participate in vendor assessments and audits as needed, including occasional travel with Quality for inspections

• Ensure vendor-managed systems and services meet Tango’s governance and compliance expectations

What you bring:

Required:

• Bachelor’s degree in Information Systems, Computer Science, or a related field

• 10+ years of experience in IT governance, compliance, validation, risk, or quality roles within a regulated life sciences environment

• Demonstrated experience supporting GxP, SOX, and Annex 11 compliance

• Strong understanding of IT system validation, change control, and documentation requirements

• Hands-on experience creating and maintaining IT policies, SOPs, and governance frameworks

• Experience supporting internal and external audits and regulatory inspections

• Proven ability to operate as a senior individual contributor with ownership and accountability

• Strong project management skills with the ability to manage multiple initiatives concurrently

• Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical implementation

• Detail-oriented, risk-aware, and pragmatic in approach

Preferred

• Experience in a clinical-stage or commercializing biotech or pharmaceutical company

• Familiarity with FDA regulations (e.g., 21 CFR Part 11) and global regulatory expectations

• Experience partnering closely with Quality, Clinical Operations, Finance, and Legal teams

• Exposure to enterprise systems such as QMS/eQMS, RIMS, CTMS, ERP, or financial systems

• Formal project management training or certification (e.g., PMP) a plus

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Salary range
$165,600—$248,400 USD