Requirements: English
Company: Exact Sciences
Region: Sulejowek, Masovian Voivodeship
Help us change lives
At Exact Sciences, we're helping change how the world prevents, detects and guides treatment for cancer. We give patients and clinicians the clarity needed to make confident decisions when they matter most. Join our team to find a purpose-driven career, an inclusive culture, and robust benefits to support your life while you're working to help others.
Position Overview
At Exact Sciences, we are cancer fighters. We are united by our mission to change lives by providing earlier, smarter answers. Through advances in cancer detection and treatment guidance, we will help eradicate the disease and the suffering it causes. Exact Sciences' Cybersecurity organization supports this mission by defending the millions of digital patient, practitioner, and employee lives within our environments. Defending today and securing tomorrow is no small feat. To help achieve this, the team is in search of a cybersecurity compliance subject matter expert to join our collaborative team comprised of passionate experts.
The Senior Cybersecurity Compliance Leader II will report to the Director of Cybersecurity Strategy & GRC. This role will be responsible for leading the international cybersecurity compliance efforts for the enterprise as well as supporting international cybersecurity engineering, SOC and incident management responsibilities.
Essential Duties
Include, but are not limited to, the following:
- Lead international cybersecurity compliance initiatives for Exact Sciences, including managing the planning, coordination, and execution of self, internal, and external cybersecurity compliance audits to support the foundational, regulatory, and market-driven compliance requirements.
- Lead the continued advancement of the international cybersecurity & IT compliance program through continual controls environment evaluation, relative to industry best practices and regulatory requirements, in alignment with the risk appetite and business requirements.
- Collaborate with various stakeholders across the organization to manage the lifecycle of security controls, including the design and implementation of new controls, modifications to existing controls, and the retirement of obsolete controls.
- Partner with the Global Privacy team to drive the Information Security Management System (ISMS) and Privacy Information Security Management System (PIMS) programs delivery.
- Translate cybersecurity governance and compliance requirements, as needed, to international stakeholders.
- Assist in coordinating cybersecurity incidents that affect international personnel and services with the enterprise Cybersecurity Incident Response Team, including assisting the team in managing resources and personnel required to handle international cybersecurity incidents effectively.
- Help support, configure, and test cybersecurity toolset(s) in the international environments, as needed.
- Partner with leadership to prioritize initiatives to align with strategic goals.
- Enable the maturation of the cybersecurity program functions within the cybersecurity team and with key business partners.
- Act as a source of direction, training, and guidance for less experienced staff.
- Champion the remediation of visibility and capability gaps and break down roadblocks standing in the way of a robust security posture.
- Drive education on cybersecurity methodologies with international stakeholders.
- Research and interpret industry insights and best practices, along with interpreting impact of requirements from governing authorities.
- Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
- Support and comply with the company's Quality Management System policies and procedures.
- Maintain regular and reliable attendance.
- Ability to act with an inclusion mindset and model these behaviors for the organization.
- Ability to travel 10% of working time away from work location, may include overnight/weekend travel.
Minimum Qualifications
- Master's degree in sciences, Computer Science, Management Information Systems, or related field as outlined in the essential duties; or bachelor's degree in sciences, Computer Science, Management Information Systems, or related field and 4 years of relevant experience as outlined in the essential duties in lieu of Master's degree.
- Fluency in the English language (C1 or above per CEFR framework).
- 7+ years of progressive professional compliance experience with security, IT, and/or privacy authoritative sources (e.g., ISO, GDPR, NIS Directive, COBIT, CSA, NIST).
- Experience leading cybersecurity governance, risk, and/or compliance progra