Director, Governance, Risk, and Compliance at Veracyte


Location Information: Remote; San Diego, California, United States.

At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte – whether it be in one of our labs, corporate offices, or the field – enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a results-driven environment that values innovation, collaboration, and compassion.

The Position:

We are seeking a highly experienced and strategic Director of Governance, Risk, and Compliance (GRC) to lead and mature the organization's GRC program. This role will be responsible for building and overseeing the company’s governance frameworks, risk management processes, and compliance initiatives, including achieving and maintaining SOC 2 Type II and HITRUST certification. The ideal candidate will partner closely with Cybersecurity, Legal, IT, and business leadership to ensure ongoing compliance with regulatory requirements, while managing organizational risk and strengthening overall security posture.

Location: This is a hybrid/onsite position based in our San Diego location. Based on candidate location, we may consider a remote candidate based in the U.S.

Key Responsibilities:

GRC Program Leadership:

- Design, implement, and lead the enterprise GRC program, aligning governance, risk, and compliance activities to business objectives.
- Develop and maintain internal policies, controls, and procedures to meet regulatory and industry standards including SOC 2 Type II, HITRUST, HIPAA, SOX, and applicable privacy regulations.
- Serve as the primary owner and project lead for SOC 2 Type II and HITRUST readiness, certification, and ongoing compliance maintenance.
- Act as a key advisor to executive leadership on enterprise risk and compliance posture.

Risk Management:

- Establish and maintain risk management frameworks to identify, assess, mitigate, and monitor enterprise risks.
- Oversee third-party/vendor risk management processes, ensuring proper due diligence and ongoing monitoring.
- Lead the risk assessment process, identifying emerging risks and control gaps while driving remediation plans.

Compliance Oversight:

- Oversee internal audit readiness, evidence collection, control testing, and issue remediation for external audits and certifications.
- Serve as primary liaison with internal and external auditors, certification bodies, and regulatory examiners.
- Ensure ongoing compliance with HIPAA, GDPR, SOX, and other applicable regulatory frameworks.

Collaboration & Communication:

- Partner with IT, Cybersecurity, Legal, HR, and business stakeholders to ensure cross-functional alignment on GRC objectives.
- Provide periodic GRC updates, metrics, and executive-level reporting to senior leadership and the Board as appropriate.
- Lead security awareness and compliance training programs across the organization.

Continuous Improvement:

- Continuously evaluate and improve GRC processes, tools, and metrics to increase efficiency, visibility, and organizational maturity.
- Stay current with evolving regulatory requirements, industry standards, and best practices to proactively adjust the GRC program.

Who You Are:

- Bachelor’s degree in Information Security, Risk Management, Business Administration, or related field; Master’s degree preferred.
- 8-10+ years of progressive experience in GRC, information security, compliance, or risk management, with at least 3+ years in a leadership role.
- Proven experience leading SOC 2 Type II and HITRUST certification efforts.
- In-depth knowledge of risk management frameworks (NIST, ISO 27001, COSO, etc.) and regulatory requirements (HIPAA, GDPR, SOX, etc.).
- Strong leadership, project management, and cross-functional collaboration skills.
- Excellent communication skills with ability to present to executive leadership and external auditors.

Preferred Certifications:

- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- HITRUST Certified CSF Practitioner (CCSFP)
- Certified Information Privacy Professional (CIPP)

Work Environment:

- Hybrid, on-site, or possibly remote based on business needs.

The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and length of experience within the job, type and length of experience within the industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Veracyte is a multi-state employer, and this salary range may not reflect positions that work in other states.

Pay range: $168,000—$219,000 USD

What We Can Offer You

Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions. We are thrilled to be recognized as a 2024 Certified™ Great Place to Work® in both the US and Israel - a testament to our dynamic, inclusive, and inspiring workplace where passion meets purpose.

About Veracyte

Veracyte (Nasdaq: VCYT) is a global genomic diagnostics company that improves patient care by providing answers to clinical questions, informing diagnosis and treatment decisions throughout the patient journey in cancer and other diseases. The company’s growing menu of genomic tests leverages advances in genomic science and technology, enabling patients to avoid risky, costly diagnostic procedures and quicken time to appropriate treatment. The company’s tests in lung cancer, prostate cancer, breast cancer, thyroid cancer, bladder cancer and idiopathic pulmonary fibrosis are available to patients and its lymphoma subtyping and renal cancer tests are in development. With Veracyte’s exclusive global license to a best-in-class diagnostics instrument platform, the company is positioned to deliver its tests to patients worldwide. Veracyte is based in South San Francisco, California. For more information, please visit www.veracyte.com and follow the company on X (formerly Twitter).

Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our CCPA Disclosure Notice.

If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to [email protected].