Veracyte, Inc.

Third-Party Risk Manager

full-time

Origin: 🇺🇸 United States • California

Salary

💰 $165,000 - $180,000 per year

Job Level

Senior, Lead

Tech Stack

Cyber Security, ServiceNow

About the role

  • Lead the design, implementation, and continuous improvement of the Third-Party Risk Management program
  • Develop methods to identify emerging third-party risks and establish governance policies, standards, and procedures
  • Conduct due diligence and risk assessments on new and existing third-party vendors, evaluating security, AI controls, and compliance certifications
  • Collaborate with IT Security, Legal, Privacy, Procurement, and Business Units to assess risks and drive remediation
  • Maintain and monitor a vendor risk register, reassessing vendors based on risk profile and providing dashboards and executive reporting
  • Partner with stakeholders to integrate TPRM into onboarding and procurement workflows and support audits
  • Track remediation activities, lead initiatives to streamline assessments and integrate with GRC platforms, and stay current with emerging risk trends

Requirements

  • Bachelor’s degree in Information Security, Business Administration, Risk Management, or related field
  • 8+ years of experience in Third Party Vendor Risk Management, IT, AI and Cybersecurity risks, or GRC program management
  • Familiarity with risk and compliance frameworks (NIST, SOC 2, ISO 27001, HIPAA, HITRUST)
  • Experience with TPRM or GRC platforms (e.g., Archer, OneTrust, ServiceNow GRC, ProcessUnity)
  • Strong analytical and communication skills; ability to influence stakeholders across functions
  • Experience presenting risk findings and metrics to executives or audit committees
  • Subject matter expert in identifying and addressing third-party related risks
  • Knowledge of assessing vendors’ AI risks
  • Preferred: Industry certifications (CTPRP, CRVPM, CISA, CISM, CISSP, CRISC) and experience in regulated industries (healthcare, biotech, financial services)
  • Knowledge of contract negotiation, vendor SLAs, and regulatory obligations