Third-Party Risk Management Manager - Military veterans preferred

2025-09-10
Veracyte


South San Francisco
California
94080
United States

At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a purpose-driven environment. This is what we call the Veracyte way: it's about how we work together, guided by our values, to give clinicians the insights they need to help patients make life-changing decisions.

Our Values:

  • We Seek A Better Way: We innovate boldly, learn from our setbacks, and are resilient in our pursuit to transform cancer care
  • We Make It Happen: We act with urgency, commit to quality, and bring fun to our hard work
  • We Are Stronger Together: We collaborate openly, seek to understand, and celebrate our wins
  • We Care Deeply: We embrace our differences, do the right thing, and encourage each other

 

The Position:

The TPRM Manager will be responsible for leading the company's Third-Party Risk Management program, evaluating and mitigating risks associated with security, artificial intelligence (AI) systems and data privacy. You will ensure, through due diligence, that vendors, suppliers, and partners meet our security, compliance, and operational standards. You will work closely with IT Security, Legal, Privacy, Procurement, and Business Units to assess risks, drive remediation, and maintain compliance with regulatory requirements (SOC 2, ISO 27001, HIPAA, HITRUST, etc.). The ideal candidate is experienced, detail-oriented, and strategic in assessing information technology and security risks.

Key Responsibilities:

Program Ownership

  • Lead the design, implementation, and continuous improvement of the Third-Party Risk Management program.
  • Develop and deploy methods to better identify emerging risks associated with third-party vendors.
  • Establish TPRM governance policies, standards, and procedures for vendor risk assessment and ongoing monitoring.
  • Drive continuous improvement of the process and lead the design and facilitation of tools to streamline TPRM.
  • Collaborate and build strong relationships with all key business unit stakeholders to educate on the program and offer advice on security vendor risk mitigation as needed.
  • Perform as a subject matter expert on TPRM with responsibilities to review and assess all vendors onboarding in the organization.
  • Provide enterprise-wide training on the TPRM process to ensure compliance with regulatory requirements.
  • Contribute to establishing an enterprise risk committee.

Vendor Risk Assessments

  • Conduct due diligence and risk assessments on new and existing third-party vendors.
  • Evaluate vendors' security and AI controls, compliance certifications, and contractual obligations.
  • Collaborate with business owners to ensure vendors meet security, AI, privacy, and operational requirements.

Monitoring & Reporting

  • Develop and maintain a vendor risk register and reassess vendors based on risk profile.
  • Monitor critical vendors for emerging risks, changes in risk posture, and compliance gaps.
  • Provide dashboards, metrics, and executive reporting to leadership and audit committees.

Cross-Functional Collaboration

  • Partner with IT Security, Procurement, Legal, Privacy and Business Units to integrate TPRM into onboarding and procurement workflows.
  • Support internal and external audits with vendor risk management evidence.

Remediation & Continuous Improvement

  • Track remediation activities for vendors with identified risks or findings.
  • Lead initiatives to streamline vendor assessments, automate workflows, and integrate with GRC platforms.
  • Stay current with emerging risk trends (i.e., AI, cyber), regulatory updates and best practices.

Who You Are:

  • Bachelor's degree in Information Security, Business Administration, Risk Management, or related field.
  • 8+ years of experience in Third Party Vendor Risk Management, IT, AI and Cybersecurity risks, or GRC program management.
  • Familiarity with risk and compliance frameworks (NIST, SOC 2, ISO 27001, HIPAA, HITRUST).
  • Experience with TPRM or GRC platforms (e.g., Archer, OneTrust, ServiceNow GRC, ProcessUnity).
  • Strong analytical and communication skills; ability to influence stakeholders across functions.
  • Experience presenting risk findings and metrics to executives or audit committees.
  • A subject matter expert able to identify and address key third-party-related risks and areas of concern associated with new and existing third-party vendors.
  • Knowledge of assessing vendors' AI risks.

Preferred Skills:

  • Industry certifications: CTPRP (Certified Third-Party Risk Professional), Certified Regulatory Vendor Program Manager (CRVPM), CISA, CISM, CISSP, CRISC, or similar.
  • Experience in regulated industries such as healthcare, biotech, or financial services.
  • Knowledge of contract negotiation, vendor SLAs, and regulatory obligations.

#LI-Remote

 

The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and length of experience within the job, type and length of experience within the industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Veracyte is a multi-state employer, and this salary range may not reflect positions that work in other states.

Pay range
$165,000—$180,000 USD

 

What We Can Offer You

Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions. We are thrilled to be recognized as a 2024 Certified Great Place to Work in both the US and Israel - a testament to our dynamic, inclusive, and inspiring workplace where passion meets purpose.

 

About Veracyte

Veracyte (Nasdaq: VCYT) is a global genomic diagnostics company that improves patient care by providing answers to clinical questions, informing diagnosis and treatment decisions throughout the patient journey in cancer and other diseases. The company's growing menu of genomic tests leverages advances in genomic science and technology, enabling patients to avoid risky, costly diagnostic procedures and quicken time to appropriate treatment. The company's tests in lung cancer, prostate cancer, breast cancer, thyroid cancer, bladder cancer and idiopathic pulmonary fibrosis are available to patients, and its lymphoma subtyping and renal cancer tests are in development. With Veracyte's exclusive global license to a best-in-class diagnostics instrument platform, the company is positioned to deliver its tests to patients worldwide. Veracyte is based in South San Francisco, California. For more information, please visit www.veracyte.com and follow the company on X (formerly Twitter).

Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our CCPA Disclosure Notice.

If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to careers@veracyte.com.





Equal employment opportunity, including veterans and individuals with disabilities.
