At Norstella, our mission is simple: to help our clients bring life-saving therapies to market quicker, and help patients in need. Founded in 2022, but with history going back to 1939, Norstella unites best-in-class brands to help clients navigate the complexities at each step of the drug development life cycle, and get the right treatments to the right patients at the right time.
Each organization (Citeline, Evaluate, MMIT, Panalgo, The Dedham Group) delivers must-have answers for critical strategic and commercial decision-making. Together, via our market-leading brands, we help our clients:
Citeline - accelerate the drug development cycle
Evaluate - bring the right drugs to market
MMIT - identify barriers to patient access
Panalgo - turn data into insight faster
The Dedham Group - think strategically for specialty therapeutics
By combining the efforts of each organization under Norstella, we can offer an even wider breadth of expertise, cutting-edge data solutions and expert advisory services alongside advanced technologies such as real-world data, machine learning and predictive analytics. As one of the largest global pharma intelligence solution providers, Norstella has a footprint across the globe with teams of experts delivering world class solutions in the USA, UK, The Netherlands, Japan, China and India.
We are looking for a Governance, Risk, and Compliance (GRC) Engineer to support our global information security program. In this role, you will execute compliance and audit activities, support quality evidence management and effective reporting. You will contribute to risk assessments, policy updates, vendor reviews, and compliance monitoring, while collaborating with team members and partners across the organization.
This is a hands-on role where attention to detail and strong organizational skills are critical. You will gain direct exposure to global regulatory frameworks and industry best practices, making this an excellent opportunity to build your GRC skills and capabilities while working with a high performing global team in the healthcare and data science spaces.
Responsibilities:
Regulatory & Contractual Compliance Management
Ensure compliance obligations are tracked and evidence is properly collected and organized for audits, regulatory inspections, or customer reviews. You'll help keep our organization audit-ready at all times.
Technical Proficiency & Tooling
You have experience with GRC platforms (e.g., Vanta, ServiceNow) and familiarity with core security technologies such as SIEM, IAM, and vulnerability management. Exposure to scripting or APIs used to automate evidence collection is a significant plus.
Policy & Standards Development
Contribute to the drafting and updating of policies by documenting processes, proposing improvements, and assisting with reviews under the guidance of senior team members.
Risk Management & Assessment
Plan and execute internal control testing. Support the execution of risk assessments by identifying control gaps, documenting findings, and escalating issues when needed. You'll learn how risks are translated into actionable mitigation plans.
Audit & Control Assurance
Independently conduct assigned audit tasks such as evidence gathering, validation, and report preparation, ensuring accuracy and completeness.
Third-Party & Vendor Risk Management
Perform due diligence checks on vendors and partners, documenting outcomes and highlighting potential risks for senior team review.
Security Architecture & Control Design Governance
Assist in reviewing technical designs against established compliance checklists, helping ensure new systems meet governance standards from the start.
Training & Awareness
Deliver basic training and refresher sessions for targeted groups, reinforcing compliance expectations and building awareness across the organization.
Qualifications:
A bachelor's degree in Cybersecurity, Computer Science, Information Assurance, or a related field is preferred, but equivalent professional experience will also be considered.
Relevant certifications (such as CompTIA Security+, CISA, or ISO 27001 foundations) are a plus and will help demonstrate your commitment to the field.
Preferred qualifications:
Typically 2+ years of experience in GRC or related fields, or equivalent experience gained by independently executing compliance and audit tasks. This is a role for someone who already knows the basics of audits and compliance and is ready to take on more ownership.
Regulatory & Framework Knowledge
Working knowledge of key regulatory frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, or NIST. You don't need to be an expert yet, but you should be comfortable applying these frameworks to support audits and compliance tasks.
Industry & Domain Expertise
Familiarity with concepts in SaaS, cloud-native environments, or regulated industries like healthcare or life sciences. You should be able to apply what you know under direction and be eager to learn the nuances of complex global operations.
Audit Process Proficiency
Experience with the basic steps of an audit: collecting evidence, validating accuracy, and preparing reports. You'll use these skills regularly to support internal and external reviews.
Risk Analysis & Management
Understand how to identify risks, document them, and record mitigation activities. Contribute to assessments and learn how risk management informs business decisions.
Metrics & Reporting Ability
Be able to gather and present metrics in a clear, organized format for team and leadership review. You are comfortable turning raw data into insights that help track compliance health.
Policy Writing Abilities / Experience
Contribute to policy documentation, including drafting updates, formatting, and ensuring accuracy. Learn how policy connects regulatory obligations to daily operations.
AI/ML Governance & Responsible Use
Possess awareness of compliance and ethical considerations in AI/ML. Help support monitoring and assessments, contributing to the responsible adoption of emerging technologies.
Why Join Us?
Opportunity to work with a collaborative and high-performing Finance team.
Exposure to complex and evolving revenue models in a global business.
Competitive compensation and benefits package.
Career growth and development opportunities.
Our Guiding Principles for success at Norstella:
01: Bold, Passionate, and Mission-First
02: Integrity, Truth, and Reality
03: Kindness, Empathy, and Grace
04: Resilience, Mettle, and Perseverance
05: Humility, Gratitude, and Learning
Benefits:
Health Insurance
Provident Fund
Reimbursement of Certification Expenses
Gratuity
24x7 Health Desk
Norstella is an equal opportunity employer. All job applicants will receive equal treatment regardless of race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, physical or mental disability or handicap, medical condition, sex (including pregnancy and pregnancy-related conditions), marital or domestic partner status, military or veteran status, gender, gender identity or expression, sexual orientation, genetic information, reproductive health decision making, or any other protected characteristic as established by federal, state, or local law.
Sometimes the best opportunities are hidden by self-doubt. We disqualify ourselves before we have the opportunity to be considered. Regardless of where you came from, how you identify, or the path that led you here, you are welcome. If you read this job description and feel passion and excitement, we're just as excited about you.
All legitimate roles with Norstella will be posted on Norstella's job board which is located at norstella.com/careers. If a role is not posted on this job board, a candidate should assume the role is not a legitimate role with Norstella. Norstella is not responsible for an application that may be submitted by or through a third-party and candidates should proceed with extreme caution if a third-party approaches them about an open role with Norstella. Norstella will never ask for anything of value or any type of payment during or as part of any recruitment, interview, or pre-hire onboarding process. If you are aware of or have reason to believe a job posting purportedly for a role with Norstella is fraudulent or otherwise not authorized by Norstella, please contact the Company using the following email address: ApplicationHelp@norstella.com.