Lead and execute the IT SOX program, including annual scoping, risk assessments, control design, testing strategy, and deficiency remediation
Own and continuously improve the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC), ensuring alignment with SOX requirements and the COSO framework
Serve as the primary liaison to Internal and External Audit, driving efficient audit execution and high-quality outcomes
Partner closely with Finance and Internal Audit to co-develop control narratives, risk assessments, and audit committee materials
Drive the evolution of the Enterprise Risk Management (ERM) program for IT and Cybersecurity risks, including facilitating cross-functional risk workshops and maintaining the enterprise risk register
Translate technical risks into business-relevant insights and provide clear reporting to executive stakeholders, including the CIO and Audit Committee
Lead risk lifecycle activities including risk identification, assessment, mitigation planning, and ongoing monitoring
Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and inform decision-making
Author and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks
Evaluate and integrate GRC tools, automation, and analytics to enhance control monitoring and reporting capabilities
Review and assess third-party risk through SOC 1 / SOC 2 and other service provider assurance reports, including evaluation of complementary user entity controls and reported exceptions
Lead and develop a small team (or provide functional leadership), fostering growth, accountability, and high performance
Drive cross-functional initiatives and special projects that strengthen governance, risk posture, and operational resilience
Requirements
6+ years of progressive experience in integrated audit, regulatory compliance, cybersecurity GRC, or risk management
Demonstrated experience owning and executing IT SOX / ITGC programs within a public company or SOX-regulated environment
Hands-on experience with risk management frameworks (COSO, NIST RMF, ISO 27001/27005 or similar)
Proven ability to lead cross-functional initiatives and drive alignment across Finance, Audit, Engineering, and Security teams
Experience managing audits and serving as a primary point of contact for auditors
Strong analytical and problem-solving skills with the ability to assess complex risks and design effective controls
Experience mentoring or leading others, with a track record of developing talent and fostering strong team engagement
Bachelor’s Degree in Accounting, Information Systems, Cybersecurity, or a related field