Job Summary:
The Quality Management Systems Professional will be responsible for developing and maintaining our Quality Management System for Biofourmis. He/She shall establish and implement quality systems in adherence to our Singapore office’s Quality Management Systems. Biofourmis develops software as a medical device (SaMD) products that we believe will change healthcare. This role is key in ensuring that our products are built with the highest quality, are validated in the appropriate clinical setting, and that our Quality System ensures continued excellence and commitment to our customers and their patients.

Responsibilities
- Develop and maintain all aspects of our Quality System to be compliant with ISO 13485, while still allowing for rapid product development iterations and facilitating modern software development best practices.
- Establish and implement site-specific SOPs or WIs in accordance with Singapore’s QMS.
- Conduct internal audits, host external audits (e.g., from the FDA) and resolve findings in a timely manner, all in conjunction with a cross-functional team, and advise internal business stakeholders on risk and compliance requirements.
- Ensure the product development, verification and validation, and risk management activities of development teams, key partner organizations, and other service vendors meet industry standards and internal SOPs, to deliver world-class software products to our customers and their patients.
- Ensure product development documentation is maintained within the organization in accordance with Biofourmis’s QMS and regulatory standards.
- Ensure the selection, qualification and monitoring of suppliers in accordance with the Supplier Management process.
- Enforce and cultivate continuous quality improvement and collaborate with departments to ensure all quality objectives are met.
- Manage and monitor complaints/feedback, ensuring timely close-out.
- Coordinate third-party audit/inspection activities.
- Promote and advocate Quality awareness.
- Other jobs assigned by supervisor.

Leadership
- Advise relevant departments on Quality Management Systems requirements
- Approver of site-specific QMS documents
- Liaison to Local Regulatory Agencies

Experience / Training
- Minimum 5 years' experience in a medical device compliance related role.
- Experience with Software as a Medical Device (SaMD) and cloud computing is preferred.
- Experience with wearable technology is preferred.
- Experience with clinical trials of non-significant risk medical devices is preferred.

Education
- Bachelor’s Degree or equivalent experience in Science, Engineering, Regulatory or Medical Device, Pharmaceutical industry.
- ASQ Certified Quality Engineer (CQE) or ASQ Certified Quality Auditor (CQA) is preferred.

Skills
- Strong knowledge of QMS standards, especially ISO 13485. Knowledge of ISO 14971 and IEC 62304 is preferred.
- Strong knowledge of medical device engineering standards related to software development, risk management, usability engineering, verification and validation, etc.
- Engage with LOB Delivery Managers to ensure compliance with all required assessments per the policy and procedures.
- Drive all aspects of the application controls assessment and application development life cycle assessment of third party providers.
- Assess completed questionnaire and supporting field work materials to ensure they are complete and meet required expectations.
- Conduct the remote assessment, providing the overall IT Risk expertise. Identify control breaks and vulnerabilities with a third party application.
- Document findings and work with the LOB Delivery Manager to resolve those findings through Control Breaks logged within internal risk management systems.
- Escalate issues associated with third parties as needed.
- Identify opportunities for improving third party risk posture as well as third party risk management processes, including expanded monitoring, KRI tracking, etc.
- Assist with various Third Party Risk Management program initiatives working closely with the Third Party Risk Management Leads.
- Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness, as needed.
• Lead development teams in implementation of GRC solutions within ServiceNow platform including:
  • Policy & Compliance Management
  • Risk Management
  • Vendor Management
  • Audit Management
• Perform fit-gap analysis to identify fitment of defined business to the technical capabilities of the ServiceNow platform. Identify level of effort required in customizing the solution to meet the requirements which have been identified as gaps.
• Participate in the functional requirement & design workshops and assist in the development of the functional requirements and technical design documents
• Coordinate technical tasks and work effort
• Act as an escalation point of contact for technical issues and support
• Lead the team in the development, unit testing, defect fixing and deployment of update sets.
• Assist the project manager in ensuring overall quality of deliverables, alignment to SDLC best practices
• Design and develop typical GRC solutions like risk management (enterprise and information technology risk), compliance management, issue and corrective action plan management, exception management, policy life cycle management, third-party risk management, audit management, threat and vulnerability management, enterprise asset management, and security operations management
• Define, enhance, and implement enterprise risk management frameworks based on industry standards and frameworks (e.g., ISO 27001, COSO, COBIT, PCI, NIST, HIPAA, etc.) on GRC technologies, such as RSA Archer.
• Assist in gathering and documenting business requirements and identifying gaps within existing systems and processes
• Define the architecture and design elements for implementation of GRC solution (including design data/object models, technical workflows diagrams, access control models, etc.)
• Lead build/configuration of GRC solutions on RSA Archer as per defined business requirements and design
• Lead software development life cycle (SDLC) efforts for successful build, test, and roll-out of GRC solution into production use
• Assist in developing GRC governance and operating model for the setup and sustainment of the GRC program