Principal Cybersecurity Governance Analyst

Exact Sciences

Job Description

Help us change lives

At Exact Sciences, we're helping change how the world prevents, detects and guides treatment for cancer. We give patients and clinicians the clarity needed to make confident decisions when they matter most. Join our team to find a purpose-driven career, an inclusive culture, and robust benefits to support your life while you're working to help others.

Position Overview

At Exact Sciences, we are cancer fighters. We are united by our mission to change lives by providing earlier, smarter answers. Through advances in cancer detection and treatment guidance, we will help eradicate the disease and the suffering it causes. Exact Sciences' CISO Office supports this mission by defending the millions of digital patient, practitioner, and employee lives within our environments. Defending today and securing tomorrow is no small feat. To help achieve this, the team is in search of a cybersecurity governance subject matter expert to join our collaborative team comprised of passionate experts.

The Principal Cybersecurity Governance Analyst reports to the Director of Cybersecurity Strategy & GRC. This role is responsible for leading the ongoing development and evolution of the governance program to enable effective decision-making for the purpose of reducing cybersecurity risks across Exact Sciences and improving the performance of the CISO Office. This is a multi-dimensional role, requiring extensive security and business integration experience with proven capability in both technical skills and cultural awareness to identify, decipher, monitor, and report cybersecurity risks across the organization.

This is a hybrid position: 3 days onsite and flexibility to work 2 days remotely, each week. This position can be supported at any of our office locations (i.e. Madison, WI, San Diego, CA, Redwood City, CA, Cambridge/Boston, MA, or Phoenix, AZ).

Essential Duties

Include, but are not limited to, the following:

  • Drive effective utilization of people, processes, and technology resources to enable the organization to deliver its strategy successfully.
  • Assist with strategic planning in support of organizational objectives and key results.
  • Develop a formal cybersecurity reporting program, to include metrics that track and manage the cybersecurity maturity of the business.
  • Ensure consistent branding, messaging, and performance, while leveraging opportunities for collaboration and efficiencies through integrated processes and functions.
  • Establish and govern cybersecurity leadership steering committees and BISO program.
  • Create executive level presentations and reporting for various global audiences.
  • Quantify, document, monitor, and report benefits of organizational maturation and improvement initiatives.
  • Own the cybersecurity policy program, driving lifecycle management and program evolution.
  • Work with leadership to prioritize initiatives to align with strategic goals.
  • Act as a source of direction, training, and guidance for less experienced staff.
  • Champion the remediation of visibility and capability gaps and break down roadblocks standing in the way of a robust security posture.
  • Research and interpret industry insights and best practices, along with interpreting impact of requirements from governing authorities.
  • Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
  • Support and comply with the company's Quality Management System policies and procedures.
  • Maintain regular and reliable attendance.
  • Ability to act with an inclusion mindset and model these behaviors for the organization.
  • Ability to travel 10% of working time away from work location, may include overnight/weekend travel.

Minimum Qualifications

  • Bachelor's Degree in field related to essential duties; or Associate Degree and 2 years of relevant experience; or High School Diploma or General Education Degree (GED) and 4 years of relevant experience.
  • 10+ years of professional experience in a cybersecurity governance, risk, compliance, or operations senior level role.
  • Demonstrated experience with security risk management and compliance frameworks (e.g., NIST, ISO, HITRUST, HIPAA, PCI, GDPR).
  • Experience building, leading, and/or overseeing cybersecurity governance programs in a globally regulated enterprise, with a significant cloud footprint a plus.
  • Demonstrable experience building security roadmaps and plans to address identified risks.
  • Experience developing cybersecurity metrics and reporting involving various areas and stakeholders.
  • Proficient in developing policy program strategy, as well as creating and maintaining policies, standards, and guidance artifacts from ideation to retirement.
  • Solid grasp of security governance, risk, and compliance concepts.
  • Technically proficient in performing assigned duties at a high-level of independence under minimal supervision while working within a team environment.
  • Demonstrated leadership skills, ability to drive change in a complex environment, where you may/may not have formal reporting responsibility.
  • Excellent communication skills, appropriately adapting based on audience needs, through all mediums: verbal, written, presentation, and listening.
  • Able to be agile and work with ambiguity.
  • Relevant certification(s) in the field of cybersecurity, risk, audit, or program/project management.
  • Proficient+ in Microsoft Office programs, such as PowerPoint, Excel, Outlook, and Word.
  • Demonstrated ability to perform the essential duties of the position with or without accommodation.
  • Authorization to work in the United States without sponsorship.

Preferred Qualifications

  • 12+ years of professional experience in a cybersecurity governance, risk, compliance, or operations senior level role; including 2+ years of accountability leading security program(s).
  • Advanced proficiency in organizational transformation.
  • Experience with enterprise GRC management platforms (e.g., ServiceNow, OneTrust); implementation experience a plus.
  • Experience in healthcare or biotech industries.

Salary Range:

$152,000.00 - $242,000.00

The annual base salary shown is for this position located in US - WI - Madison on a full-time basis and may differ by hiring location. In addition, this position is bonus eligible, and is eligible to receive company stock upon hire as well as annually.

Exact Sciences is proud to offer an employee experience that includes paid time off (including days for vacation, holidays, volunteering, and personal time), paid leave for parents and caregivers, a retirement savings plan, wellness support, and health benefits including medical, prescription drug, dental, and vision coverage. Learn more about our .

Our success relies on the experiences and perspectives of a diverse team, and Exact Sciences fosters a culture where all employees can develop personally and professionally with a sense of respect and belonging. If you require an accommodation, email We'll work with you to meet your accessibility needs.

Not ready to apply? Join our and stay up to date on what's new at Exact Sciences.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to age, color, creed, disability, gender identity, national origin, protected veteran status, race, religion, sex, sexual orientation, and any other status protected by applicable local, state, or federal law. Any applicant or employee may request to view applicable portions of the company's affirmative action program.

To view the Right to Work, E-Verify Employer, and Pay Transparency notices and Federal, Federal Contractor, and State employment law posters, visit our . The documents summarize important details of the law and provide key points that you have a right to know.

