Veracyte

Governance, Risk & Compliance (GRC) Senior Specialist

Veracyte, San Diego, California, United States, 92189


The Position

We are seeking a detail-oriented, experienced Governance, Risk & Compliance (GRC) Senior Specialist to assist with leading and supporting the organization's governance, risk, and compliance initiatives. Under the direction of Management, the incumbent will perform IT risk assessments and ensure that controls, policies, procedures, and resources are in place for the IT and Security teams to effectively manage risk. The GRC Specialist will articulate risk appetite and advocate a risk culture, and will act as a challenge function by providing questions and feedback across multiple functions. In addition, the specialist will work to ensure that the company's operations align with relevant regulations, internal policies, standards, and risk management frameworks. The ideal candidate will have a strong understanding of risk management principles, compliance standards, and information security best practices. As the program evolves, the role will be responsible for maturing the GRC operations.

Essential Responsibilities

Governance & Compliance

- Assist in developing and maintaining internal control frameworks, policies, and procedures that align with industry regulations (e.g., ISO 27001, SOX, GDPR, HIPAA).
- Ensure organizational compliance with legal and regulatory requirements.
- Monitor and report on compliance with data privacy regulations and internal security policies.
- Collaborate with departments to implement and improve governance processes.
- Track and report on GRC metrics, KPIs, and audit remediation activities.

Risk Management

- Contribute to enhancing the IT and Security risk management program.
- Perform risk assessments, identifying vulnerabilities, threats, and control gaps.
- Conduct vendor risk management reviews, evaluating the risk posed by third-party service providers.
- Support the implementation of risk management frameworks and tools.
- Provide recommendations for mitigating identified risks and ensuring effective remediation strategies.
- Monitor and track risk treatment plans and risk acceptance decisions.

Internal Audit Support

- Assist in internal and external audits to ensure audit testing is conducted in a cooperative, timely, efficient manner with value-added reporting and cost-effective recommendations to strengthen IT and Security controls.
- Conduct audits of high-risk processes within IT and Security functions to ensure compliance with policies and standards.
- Work with IT process owners to identify, improve, and document detailed controls for key applications, security and infrastructure components relating to compliance with SOX, GDPR, HIPAA, ISO 27000, etc.
- Provide periodic reports to leadership on open issues and remediation status.
- Establish and maintain IT and Cybersecurity risk registers.
- Track audit findings in the appropriate risk and audit findings registers.
- Work with control owners to ensure findings are remediated on a timely basis.

Incident Response

- Assist in developing and improving the organization's incident response plan.
- Participate in incident investigations and support post-incident reviews to identify control weaknesses.
- Be familiar with risk management and controls frameworks, the cyber kill chain, and the NIST incident response lifecycle.
- Document and define improvements to incident playbooks.
- Perform root cause analysis and lessons-learned reporting.
- Maintain the incident response tracker.

Training & Awareness

- Contribute to the development of security awareness training programs and conduct training sessions as needed.
- Ensure the organization's Cybersecurity Training and Awareness program meets industry regulations, standards, and compliance requirements.
- Communicate changes in regulatory requirements and provide guidance on compliance best practices to employees.

Who You Are

- Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field.
- 5+ years of experience in GRC, information security, risk management, or compliance.
- Experience with regulatory frameworks such as ISO 27001, NIST, SOX, PCI-DSS, GDPR, HIPAA, etc.
- Experience in risk assessments and compliance audits is preferred.
- Strong knowledge of risk management and compliance frameworks.
- Familiarity with third-party vendor risk management practices.
- Excellent communication and report-writing skills.
- Detail-oriented, with the ability to analyze complex regulatory requirements.
- Proficient in using GRC tools and software for tracking and managing compliance/risk activities.
- Ability to manage multiple projects and take on other security tasks as needed.

Certifications (Preferred)

- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Privacy Professional (CIPP)

The final salary offered to a successful candidate will be dependent on several factors that may include, but are not limited to, the type and length of experience within the job and industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives and restricted stock units. Veracyte is a multi-state employer, and this salary range may not reflect positions that work in other states.

Pay range: $110,000 to $125,000 USD

What We Can Offer You

Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions. We are thrilled to be recognized as a 2024 Certified Great Place to Work in both the US and Israel.

About Veracyte

Veracyte (Nasdaq: VCYT) is a global genomic diagnostics company that improves patient care by providing answers to clinical questions, informing diagnosis and treatment decisions throughout the patient journey in cancer and other diseases. The company's growing menu of genomic tests leverages advances in genomic science and technology, enabling patients to avoid risky, costly diagnostic procedures and quicken time to appropriate treatment. The company's tests in lung cancer, prostate cancer, breast cancer, thyroid cancer, bladder cancer and idiopathic pulmonary fibrosis are available to patients, and its lymphoma subtyping and renal cancer tests are in development. Veracyte is based in South San Francisco, California. For more information, please visit www.veracyte.com and follow the company on X (formerly Twitter).

Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our CCPA Disclosure Notice.

If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to careers@veracyte.com.