MANAGER, IT & CYBERSECURITY GRC
Veracyte
senior€145,000-155,000/year
Job description
<div class="content-intro"><p>At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a purpose driven environment. This is what we call <em>the Veracyte way</em> – it’s about how we work together, guided by our values, to give clinicians the insights they need to help patients make life-changing decisions. </p>
<p>Our Values:</p>
<ul>
<li><strong>We Seek A Better Way</strong>: <span data-olk-copy-source="MessageBody">We pursue bold ideas, embrace complexity, and keep pushing forward.</span></li>
<li><strong>We Make It Happen</strong>: <span data-olk-copy-source="MessageBody">We act with urgency, deliver with excellence, and always find a way. </span></li>
<li><strong>We Are Stronger Together</strong>: <span data-olk-copy-source="MessageBody">We engage with empathy, align around what's best for Veracyte, and celebrate as one team. </span></li>
<li><strong>We Care Deeply</strong>: <span data-olk-copy-source="MessageBody">We show up with integrity, kindness, and respect for one another. </span></li>
</ul>
<p> </p></div><h3><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">The Position:</span></h3>
<p>The Manager, IT & Cybersecurity GRC (Governance, Risk, and Compliance) leads the design, execution, and continuous improvement of enterprise technology controls and risk management programs. This role is accountable for managing IT SOX compliance, advancing enterprise risk management (ERM) initiatives, and strengthening cybersecurity governance across a highly regulated environment. You will partner cross‑functionally to translate risk into actionable insights, elevate control maturity, and support business growth while ensuring regulatory alignment.</p>
<p>This is a highly visible role that combines strong technical expertise with people leadership, program ownership, and strategic influence across Finance, Internal Audit, Engineering, and Executive leadership.</p>
<p><strong>Core Responsibilities</strong></p>
<ul>
<li>Lead and execute the IT SOX program, including annual scoping, risk assessments, control design, testing strategy, and deficiency remediation</li>
<li>Own and continuously improve the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC) ensuring alignment with SOX and COSO standards</li>
<li>Serve as the primary liaison to Internal and External Audit, driving efficient audit execution and high-quality outcomes</li>
<li>Partner closely with Finance and Internal Audit to co-develop control narratives, risk assessments, and audit committee materials</li>
<li>Drive the evolution of the Enterprise Risk Management (ERM) program for IT and Cybersecurity risks, including facilitating cross-functional risk workshops and maintaining the enterprise risk register</li>
<li>Translate technical risks into business-relevant insights and provide clear reporting to executive stakeholders, including the CIO and Audit Committee</li>
<li>Lead risk lifecycle activities including risk identification, assessment, mitigation planning, and ongoing monitoring</li>
<li>Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and inform decision-making</li>
<li>Author and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks</li>
<li>Evaluate and integrate GRC tools, automation, and analytics to enhance control monitoring and reporting capabilities</li>
<li>Review and assess third-party risk through SOC1/SOC2 and other service provider assurance reports</li>
<li>Lead and develop a small team (or provide functional leadership), fostering growth, accountability, and high performance</li>
<li>Drive cross-functional initiatives and special projects that strengthen governance, risk posture, and operational resilience</li>
</ul>
<h3><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Who You Are:</span></h3>
<p>You are a collaborative and solutions-oriented leader who brings structure to complexity and thrives in a fast-moving, regulated environment. You balance technical depth with business acumen and are energized by building programs, partnering across teams, and developing others. You communicate with clarity, act with integrity, and embrace continuous improvement in everything you do.</p>
<p><strong>Required Qualifications</strong></p>
<ul>
<li>6+ years of progressive experience in integrated audit, regulatory compliance, cybersecurity GRC, or risk management </li>
<li>Demonstrated experience owning and executing IT SOX / ITGC programs within a public company or SOX-regulated environment</li>
<li>Hands-on experience with risk management frameworks (COSO, NIST RMF, ISO 27001/27005 or similar)</li>
<li>Proven ability to lead cross-functional initiatives and drive alignment across Finance, Audit, Engineering, and Security teams</li>
<li>Experience managing audits and serving as a primary point of contact for auditors</li>
<li>Strong analytical and problem-solving skills with the ability to assess complex risks and design effective controls</li>
<li>Experience mentoring or leading others, with a track record of developing talent and fostering strong team engagement</li>
<li>Bachelor’s Degree in Accounting, Information Systems, Cybersecurity, or a related field</li>
</ul>
<p><strong>Preferred Qualifications</strong></p>
<ul>
<li>Professional certifications such as CPA, CISA, CISSP, or CRISC</li>
<li>Background in public accounting (Big 4 or large regional firm) with IT audit experience</li>
<li>Experience in regulated industries such as healthcare, diagnostics, or financial services</li>
<li>Experience implementing GRC tools and driving automation or continuous control monitoring (CCM)</li>
<li>Ability to leverage emerging technologies, including AI-enabled tools, to enhance compliance and risk management processes</li>
<li>Strong executive communication skills with experience presenting to senior leadership or audit committees</li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><span style="font-family: Helvetica, Arial, sans-serif; font-size: 14px;">#LI-Remote</span></span></p>
<p> </p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p></p>
<p class="x_MsoNormal"><span data-olk-copy-source="MessageBody">The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to years of experience, skillset, geographic location, industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.</span></p></div><div class="title">Pay range</div><div class="pay-range"><span>$145,000</span><span class="divider">-</span><span>$155,000 USD</span></div></div></div><div class="content-conclusion"><p> </p>
<h3><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">What We Can Offer You</span></h3>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions. We are thrilled to be recognized as a 2024 Certified™ Great Place to Work<sup>®</sup> in both the US and Israel - a testament to our dynamic, inclusive, and inspiring workplace where passion meets purpose.</span></p>
<p> </p>
<h3><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">About Veracyte</span></h3>
<p>Veracyte (Nasdaq: VCYT) is a global diagnostics company whose vision is to transform cancer care for patients all over the world. We empower clinicians with the high-value insights they need to guide and assure patients at pivotal moments in the race to diagnose and treat cancer. Our Veracyte Diagnostics Platform delivers high-performing cancer tests that are fueled by broad genomic and clinical data, deep bioinformatic and AI capabilities, and a powerful evidence-generation engine, which ultimately drives durable reimbursement and guideline inclusion for our tests, along with new insights to support continued innovation and pipeline development. For more information, please visit <a href="https://cts.businesswire.com/ct/CT?id=smartlink&url=https%3A%2F%2Fwww.veracyte.com%2F&esheet=54340020&newsitemid=20251015446872&lan=en-US&anchor=www.veracyte.com&index=5&md5=4d48386b00ece1531372e2e593d7cd2d">www.veracyte.com</a> or follow us on <a href="https://cts.businesswire.com/ct/CT?id=smartlink&url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fveracyte%2F&esheet=54340020&newsitemid=20251015446872&lan=en-US&anchor=LinkedIn&index=6&md5=234cba826cb637f449d2722139f551ef">LinkedIn</a> or <a href="https://cts.businesswire.com/ct/CT?id=smartlink&url=https%3A%2F%2Fx.com%2Fveracyte%3Fs%3D11&esheet=54340020&newsitemid=20251015446872&lan=en-US&anchor=X+%28Twitter%29&index=7&md5=20ead95735af622bf261b20735515b66">X (Twitter)</a>.</p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our </span><a href="https://www.veracyte.com/legal/privacy-statement-for-california-residents/">CCPA Disclosure Notice</a></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><strong><span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to <a class="fui-Link ___1rxvrpe f2hkw1w f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1lqvz6u f10aw75t fsle3fq f17ae5zn" href="mailto:careers@Veracyte.com" target="_blank">careers@veracyte.com</a></span></strong></span></p></div>