CSV / IT GxP Consultant

Location: MA, hybrid

Duration: 1 year

Start Date: 3/10/25

Job Overview:

Our client seeking an experienced CSV / IT GxP Consultant. This role will focus on ensuring the alignment of internal policies with federal and state regulations, improving our Computer System Validation (CSV) processes, and enhancing third-party vendor compliance. The position will also involve developing and implementing SOPs, as well as managing data privacy and retention policies. The ideal candidate will have experience in GxP regulations and a strong understanding of IT procedures and systems.

Key Responsibilities:

Phase 1: Policy Review and Development

Regulatory Compliance Review (Partially Completed)

• Conduct a comprehensive review of existing policies.
• Ensure all policies are aligned with Federal and State regulations.

Policy Development and Enhancement (Partially Completed)

• Review and update the Written Information Security Policy (WISP).
• Define threshold criteria for policy activation.
• Define confidentiality measures.
• Review and develop the Computer System Incident Response Team Policy.
• Develop the Artificial Intelligence Policy (AIP).

Standard Operating Procedures (SOPs) Development

• Collaborate with the Quality Assurance (QA) team to ensure SOPs are integrated into Veeva.
• Create SOPs based on current IT procedures in ClickUp.
• Develop SOPs for Computer System Validation (CSV).
• Link SOPs to the overall change control program, ensuring IT change controls are understood and triggered correctly.

Computer System Validation (CSV)

• Evaluate and implement CSV as part of the GxP framework.
• Leverage contacts to conduct the CSV/IT portion of supplier audits (virtual audits).
• Establish a supplier IT systems oversight framework based on findings from mock inspections.
• Develop a comprehensive overall CSV program for the client, covering GxP IT systems and third-party systems (e.g., Veeva).

Third-Party Vendor Auditing

• Conduct mock audits to ensure vendor compliance with:
• WISP
• AIP
• CSV requirements.

Phase 2: Data Management and Privacy

Data Mapping

• Identify and locate personal and confidential information within systems.
• Create diagrams to support data mapping and data flow.

Privacy Impact Assessment

• Develop a comprehensive Privacy Impact Statement.

Data Retention

• Create and implement a Data Retention Policy.

Deliverables:

• Updated regulatory-compliant policies (WISP, Incident Response, AIP).
• SOPs for IT procedures and CSV.
• CSV implementation documentation.
• Third-party vendor audit reports.
• Data map of personal and confidential information.
• Privacy Impact Statement.
• Data Retention Policy.

Qualifications:

• Proven experience in regulatory compliance, GxP frameworks, and IT governance.
• Expertise in policy development, IT systems auditing, and SOP creation.
• Experience with Computer System Validation (CSV) and third-party vendor auditing.
• Strong knowledge of data privacy regulations and data management practices.
• Familiarity with Veeva, ClickUp, and other IT systems.
• Ability to conduct virtual audits and engage with suppliers effectively.