Veracyte

Manager, IT & Cybersecurity GRC

operations | full-time | Remote

Salary: Not listed
Work type: remote
Job type: full-time
Industry: healthcare

About the role

The Position:

The Manager, IT & Cybersecurity GRC (Governance, Risk, and Compliance) leads the design, execution, and continuous improvement of enterprise technology controls and risk management programs. This role is accountable for managing IT SOX compliance, advancing enterprise risk management (ERM) initiatives, and strengthening cybersecurity governance across a highly regulated environment. You will partner cross‑functionally to translate risk into actionable insights, elevate control maturity, and support business growth while ensuring regulatory alignment.

This is a highly visible role that combines strong technical expertise with people leadership, program ownership, and strategic influence across Finance, Internal Audit, Engineering, and Executive leadership.

Core Responsibilities

  • Lead and execute the IT SOX program, including annual scoping, risk assessments, control design, testing strategy, and deficiency remediation
  • Own and continuously improve the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC), ensuring alignment with SOX and COSO standards
  • Serve as the primary liaison to Internal and External Audit, driving efficient audit execution and high-quality outcomes
  • Partner closely with Finance and Internal Audit to co-develop control narratives, risk assessments, and audit committee materials
  • Drive the evolution of the Enterprise Risk Management (ERM) program for IT and Cybersecurity risks, including facilitating cross-functional risk workshops and maintaining the enterprise risk register
  • Translate technical risks into business-relevant insights and provide clear reporting to executive stakeholders, including the CIO and Audit Committee
  • Lead risk lifecycle activities including risk identification, assessment, mitigation planning, and ongoing monitoring
  • Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and inform decision-making
  • Author and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks
  • Evaluate and integrate GRC tools, automation, and analytics to enhance control monitoring and reporting capabilities
  • Review and assess third-party risk through SOC1/SOC2 and other service provider assurance reports
  • Lead and develop a small team (or provide functional leadership), fostering growth, accountability, and high performance