Veracyte
Governance, Risk & Compliance (GRC) Senior Analyst
Veracyte, South San Francisco, California, us, 94083
At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a purpose-driven environment. This is what we call the Veracyte way - it's about how we work together, guided by our values, to give clinicians the insights they need to help patients make life-changing decisions.
Our Values:
We Seek A Better Way : We innovate boldly, learn from our setbacks, and are resilient in our pursuit to transform cancer care
We Make It Happen : We act with urgency, commit to quality, and bring fun to our hard work
We Are Stronger Together : We collaborate openly, seek to understand, and celebrate our wins
We Care Deeply : We embrace our differences, do the right thing, and encourage each other
The Position:
We are seeking a detail-oriented, experienced Governance, Risk & Compliance (GRC) Senior Analyst to assist with leading and supporting the organization's governance, risk, and compliance initiatives. Under the direction of Management, the incumbent will perform IT risk assessments, ensure controls, policies, and procedures and resources are in place for IT and Security teams to effectively manage risk. You will articulate risk appetite and advocate risk culture; act as a challenge function by providing questions and feedback across multiple functions. In addition, you will ensure that the company's operations align with relevant regulations, internal policies, standards, and risk management frameworks. The ideal candidate will have a strong understanding of risk management principles, compliance standards, and information security best practices. As the program evolves, the role will be responsible for maturing the GRC operations. Essential Responsibilities: Governance & Compliance : Assist in developing and maintaining internal control frameworks, policies, and procedures that align with industry regulations (e.g., ISO 27001, SOX, GDPR, HIPAA). Ensure organizational compliance with legal and regulatory requirements. Monitor and report on compliance with data privacy regulations and internal security policies. Collaborate with departments to implement and improve governance processes. Track and report on GRC metrics, KPIs, and audit remediation activities Risk Management : Contribute to enhancing IT and Security risk management program Perform risk assessments, identifying vulnerabilities, threats, and control gaps. Conduct vendor risk management reviews, evaluating the risk posed by third-party service providers. Support the implementation of risk management frameworks and tools. Provide recommendations for mitigating identified risks and ensuring effective remediation strategies. Monitor and track risk treatment plans and risk acceptance decisions. Internal Audit Support : Assist in internal and external audits to ensure audit testing are conducted in a cooperative, timely efficient manner with value-added reporting and cost-effective recommendation being provided to management to strengthen IT and Security controls. Conduct audits of high-risk processes within IT and Security functions to ensure compliance with policies and standards. Work with IT process owners to identify/improve and document detail controls for key applications, security, and infrastructure components relating to compliance with SOX, GDPR, HIPPA, ISO27000, etc. Provide periodic reports to leadership on open issues and remediation status. Establish and maintain IT and Cybersecurity risk register. Track audit findings in the appropriate risk and audit findings registers. Work with control owners to ensure findings are remediated on a timely basis. Incident Response : Assist in developing and improving the organization's incident response plan. Participate in incident investigations and support post-incident reviews to identify control weaknesses. Familiar with risk management and controls frameworks, cyber kill chain, and NIST incident response lifecycle Document and define improvements over incident playbooks Perform root cause analysis and lessons learned reporting Maintain incident response tracker Training & Awareness : Contribute to the development of security awareness training programs and conduct training sessions as needed. Ensure the organization's Cybersecurity Training and Awareness program meets industry regulations, standards, and compliance requirements. Communicate changes in regulatory requirements and provide guidance on compliance best practices to employees. Who You Are:
Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. 5+ years of experience in GRC, information security, risk management, or compliance. Experience with regulatory frameworks such as ISO 27001, NIST, SOX, PCI-DSS, GDPR, HIPAA, etc. Experience in risk assessments and compliance audits is preferred. Strong knowledge of risk management and compliance frameworks. Familiarity with third-party vendor risk management practices. Excellent communication and report-writing skills. Detail-oriented with the ability to analyze complex regulatory requirements. Proficient in using GRC tools and software for tracking and managing compliance/risk activities. Ability to manage multiple projects and take on other security tasks as needed Certifications (Preferred): Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Privacy Professional (CIPP) Veracyte is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. Veracyte participates in E-Verify in the United States.
#J-18808-Ljbffr
We are seeking a detail-oriented, experienced Governance, Risk & Compliance (GRC) Senior Analyst to assist with leading and supporting the organization's governance, risk, and compliance initiatives. Under the direction of Management, the incumbent will perform IT risk assessments, ensure controls, policies, and procedures and resources are in place for IT and Security teams to effectively manage risk. You will articulate risk appetite and advocate risk culture; act as a challenge function by providing questions and feedback across multiple functions. In addition, you will ensure that the company's operations align with relevant regulations, internal policies, standards, and risk management frameworks. The ideal candidate will have a strong understanding of risk management principles, compliance standards, and information security best practices. As the program evolves, the role will be responsible for maturing the GRC operations. Essential Responsibilities: Governance & Compliance : Assist in developing and maintaining internal control frameworks, policies, and procedures that align with industry regulations (e.g., ISO 27001, SOX, GDPR, HIPAA). Ensure organizational compliance with legal and regulatory requirements. Monitor and report on compliance with data privacy regulations and internal security policies. Collaborate with departments to implement and improve governance processes. Track and report on GRC metrics, KPIs, and audit remediation activities Risk Management : Contribute to enhancing IT and Security risk management program Perform risk assessments, identifying vulnerabilities, threats, and control gaps. Conduct vendor risk management reviews, evaluating the risk posed by third-party service providers. Support the implementation of risk management frameworks and tools. Provide recommendations for mitigating identified risks and ensuring effective remediation strategies. Monitor and track risk treatment plans and risk acceptance decisions. Internal Audit Support : Assist in internal and external audits to ensure audit testing are conducted in a cooperative, timely efficient manner with value-added reporting and cost-effective recommendation being provided to management to strengthen IT and Security controls. Conduct audits of high-risk processes within IT and Security functions to ensure compliance with policies and standards. Work with IT process owners to identify/improve and document detail controls for key applications, security, and infrastructure components relating to compliance with SOX, GDPR, HIPPA, ISO27000, etc. Provide periodic reports to leadership on open issues and remediation status. Establish and maintain IT and Cybersecurity risk register. Track audit findings in the appropriate risk and audit findings registers. Work with control owners to ensure findings are remediated on a timely basis. Incident Response : Assist in developing and improving the organization's incident response plan. Participate in incident investigations and support post-incident reviews to identify control weaknesses. Familiar with risk management and controls frameworks, cyber kill chain, and NIST incident response lifecycle Document and define improvements over incident playbooks Perform root cause analysis and lessons learned reporting Maintain incident response tracker Training & Awareness : Contribute to the development of security awareness training programs and conduct training sessions as needed. Ensure the organization's Cybersecurity Training and Awareness program meets industry regulations, standards, and compliance requirements. Communicate changes in regulatory requirements and provide guidance on compliance best practices to employees. Who You Are:
Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. 5+ years of experience in GRC, information security, risk management, or compliance. Experience with regulatory frameworks such as ISO 27001, NIST, SOX, PCI-DSS, GDPR, HIPAA, etc. Experience in risk assessments and compliance audits is preferred. Strong knowledge of risk management and compliance frameworks. Familiarity with third-party vendor risk management practices. Excellent communication and report-writing skills. Detail-oriented with the ability to analyze complex regulatory requirements. Proficient in using GRC tools and software for tracking and managing compliance/risk activities. Ability to manage multiple projects and take on other security tasks as needed Certifications (Preferred): Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Privacy Professional (CIPP) Veracyte is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. Veracyte participates in E-Verify in the United States.
#J-18808-Ljbffr