Veracyte, Inc.

Director, Governance, Risk, and Compliance

Veracyte, Inc., San Diego, California, United States, 92189

At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte – whether it be in one of our labs, corporate offices, or the field – enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a results-driven environment that values innovation, collaboration, and compassion.

The Position

We are seeking a highly experienced and strategic Director of Governance, Risk, and Compliance (GRC) to lead and mature the organization's GRC program. This role will be responsible for building and overseeing the company’s governance frameworks, risk management processes, and compliance initiatives, including achieving and maintaining SOC 2 Type II and HITRUST certification. The ideal candidate will partner closely with Cybersecurity, Legal, IT, and business leadership to ensure ongoing compliance with regulatory requirements, while managing organizational risk and strengthening overall security posture.

Location: This is a hybrid/onsite position based in our San Diego location.

Based on candidate location, we may consider a remote candidate based in the U.S.

Key Responsibilities

GRC Program Leadership

Design, implement, and lead the enterprise GRC program, aligning governance, risk, and compliance activities to business objectives. Develop and maintain internal policies, controls, and procedures to meet regulatory and industry standards including SOC 2 Type II, HITRUST, HIPAA, SOX, and applicable privacy regulations. Serve as the primary owner and project lead for SOC 2 Type II and HITRUST readiness, certification, and ongoing compliance maintenance. Act as a key advisor to executive leadership on enterprise risk and compliance posture.

Risk Management

Establish and maintain risk management frameworks to identify, assess, mitigate, and monitor enterprise risks. Oversee third-party/vendor risk management processes, ensuring proper due diligence and ongoing monitoring. Lead the risk assessment process, identifying emerging risks and control gaps while driving remediation plans.

Compliance Oversight

Oversee internal audit readiness, evidence collection, control testing, and issue remediation for external audits and certifications. Serve as primary liaison with internal and external auditors, certification bodies, and regulatory examiners. Ensure ongoing compliance with HIPAA, GDPR, SOX, and other applicable regulatory frameworks.

Collaboration & Communication

Partner with IT, Cybersecurity, Legal, HR, and business stakeholders to ensure cross-functional alignment on GRC objectives. Provide periodic GRC updates, metrics, and executive-level reporting to senior leadership and the Board as appropriate. Lead security awareness and compliance training programs across the organization.

Continuous Improvement

Continuously evaluate and improve GRC processes, tools, and metrics to increase efficiency, visibility, and organizational maturity. Stay current with evolving regulatory requirements, industry standards, and best practices to proactively adjust the GRC program.

Who You Are

Bachelor’s degree in Information Security, Risk Management, Business Administration, or related field; Master’s degree preferred. 8-10+ years of progressive experience in GRC, information security, compliance, or risk management, with at least 3+ years in a leadership role. Proven experience leading SOC 2 Type II and HITRUST certification efforts. In-depth knowledge of risk management frameworks (NIST, ISO 27001, COSO, etc.) and regulatory requirements (HIPAA, GDPR, SOX, etc.). Strong leadership, project management, and cross-functional collaboration skills. Excellent communication skills with ability to present to executive leadership and external auditors.

Preferred Certifications

- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- HITRUST Certified CSF Practitioner (CCSFP)
- Certified Information Privacy Professional (CIPP)

Work Environment

Hybrid, on-site, or possibly remote based on business needs.


The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and length of experience within the job, type and length of experience within the industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Veracyte is a multi-state employer, and this salary range may not reflect positions that work in other states.

Pay range

$168,000—$219,000 USD

What We Can Offer You

Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions. We are thrilled to be recognized as a 2024 Certified Great Place to Work in both the US and Israel - a testament to our dynamic, inclusive, and inspiring workplace where passion meets purpose.

About Veracyte

Veracyte (Nasdaq: VCYT) is a global genomic diagnostics company that improves patient care by providing answers to clinical questions, informing diagnosis and treatment decisions throughout the patient journey in cancer and other diseases. The company’s growing menu of genomic tests leverages advances in genomic science and technology, enabling patients to avoid risky, costly diagnostic procedures and quicken time to appropriate treatment. The company’s tests in lung cancer, prostate cancer, breast cancer, thyroid cancer, bladder cancer and idiopathic pulmonary fibrosis are available to patients and its lymphoma subtyping and renal cancer tests are in development. With Veracyte’s exclusive global license to a best-in-class diagnostics instrument platform, the company is positioned to deliver its tests to patients worldwide. Veracyte is based in South San Francisco, California. For more information, please visit www.veracyte.com and follow the company on X (Formerly Twitter).

Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our CCPA Disclosure Notice.

If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to careers@veracyte.com

Seniority level: Director

Employment type: Full-time

Job function: Finance and Sales
