Sr Cybersecurity Compliance Leader II, Poland

Poland

Exact Sciences

Explore Exact Sciences, a leading provider of tests for cancer prevention, early detection and screening, and therapy guidance.


Help us change lives

At Exact Sciences, we’re helping change how the world prevents, detects and guides treatment for cancer. We give patients and clinicians the clarity needed to make confident decisions when they matter most. Join our team to find a purpose-driven career, an inclusive culture, and robust benefits to support your life while you’re working to help others.

Position Overview

At Exact Sciences, we are cancer fighters. We are united by our mission to change lives by providing earlier, smarter answers. Through advances in cancer detection and treatment guidance, we will help eradicate the disease and the suffering it causes. Exact Sciences’ Cybersecurity organization supports this mission by defending the millions of digital patient, practitioner, and employee lives within our environments. Defending today and securing tomorrow is no small feat. To help achieve this, the team is in search of a cybersecurity compliance subject matter expert to join our collaborative team comprised of passionate experts.

The Senior Cybersecurity Compliance Leader II will report to the Director of Cybersecurity Strategy & GRC. This role will be responsible for leading the international cybersecurity compliance efforts for the enterprise as well as supporting international cybersecurity engineering, SOC and incident management responsibilities.

Essential Duties

Include, but are not limited to, the following:

  • Lead international cybersecurity compliance initiatives for Exact Sciences, including managing the planning, coordination, and execution of self, internal, and external cybersecurity compliance audits to support the foundational, regulatory, and market-driven compliance requirements.
  • Lead the continued advancement of the international cybersecurity & IT compliance program through continual controls environment evaluation, relative to industry best practices and regulatory requirements, in alignment with the risk appetite and business requirements.
  • Collaborate with various stakeholders across the organization to manage the lifecycle of security controls, including the design and implementation of new controls, modifications to existing controls, and the retirement of obsolete controls.
  • Partner with the Global Privacy team to drive the Information Security Management System (ISMS) and Privacy Information Security Management System (PIMS) programs delivery.
  • Translate cybersecurity governance and compliance requirements, as needed, to international stakeholders.
  • Assist in coordinating cybersecurity incidents that affect international personnel and services with the enterprise Cybersecurity Incident Response Team, including assisting the team in managing resources and personnel required to handle international cybersecurity incidents effectively.
  • Help support, configure, and test cybersecurity toolset(s) in the international environments, as needed.
  • Partner with leadership to prioritize initiatives to align with strategic goals.
  • Enable the maturation of the cybersecurity program functions within the cybersecurity team and with key business partners.
  • Act as a source of direction, training, and guidance for less experienced staff.
  • Champion the remediation of visibility and capability gaps and break down roadblocks standing in the way of a robust security posture.
  • Drive education on cybersecurity methodologies with international stakeholders.
  • Research and interpret industry insights and best practices, along with interpreting impact of requirements from governing authorities.
  • Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
  • Support and comply with the company’s Quality Management System policies and procedures.
  • Maintain regular and reliable attendance.
  • Ability to act with an inclusion mindset and model these behaviors for the organization.
  • Ability to travel 10% of working time away from work location, may include overnight/weekend travel.

Minimum Qualifications

  • Master’s degree in sciences, Computer Science, Management Information Systems, or related field as outlined in the essential duties; or bachelor’s degree in sciences, Computer Science, Management Information Systems, or related field and 4 years of relevant experience as outlined in the essential duties in lieu of Master’s Degree.
  • Fluency in the English language (C1 or above per CEFR framework).
  • 7+ years of progressive professional compliance experience with security, IT, and/or privacy authoritative sources (e.g., ISO, GDPR, NIS Directive, COBIT, CSA, NIST).
  • Experience leading cybersecurity governance, risk, and/or compliance programs in a globally regulated enterprise.
  • Experience assessing control design effectiveness and operation, including risk mitigation.
  • Experience presenting compliance and risk mitigation concepts and controls rationalization to internal and external stakeholders.
  • Solid grasp of cybersecurity and privacy governance, risk, and compliance concepts.
  • Customer-centric mindset with the ability to develop and apply complex concepts using strong analytical skills.
  • Technically proficient in performing assigned duties at a high-level of independence under minimal supervision while working within a team environment.
  • Demonstrated leadership skills, ability to drive change in a complex environment, where you may/may not have formal reporting responsibility.
  • Excellent communication skills, appropriately adapting based on audience needs, through all mediums–verbally, written, presentation, and listening.
  • Able to be agile and work with ambiguity.
  • Proficient+ in Microsoft Office programs, such as PowerPoint, Excel, Outlook, and Word.
  • Demonstrated ability to perform the essential duties of the position with or without accommodation.
  • Authorization to work in Poland without sponsorship.

Preferred Qualifications

  • Relevant certification(s) in the field of cybersecurity, risk, audit, or program/project management.
  • Demonstrable experience in an audit-related role with an emphasis on cybersecurity compliance, operations, and/or security controls.
  • Experience coordinating cybersecurity incidents that affect international personnel and services.
  • Experience supporting, configuring, and/or testing cybersecurity toolset(s).
  • Experience managing and/or implementing enterprise GRC management platforms (e.g., ServiceNow).
  • Experience in molecular biology, genomics, translational science, and/or personalized medicine. 
  • Superior technical communication skills.
  • Knowledge of other European languages (French, German, Italian, Polish, Spanish) and/or Japanese.

Our success relies on the experiences and perspectives of a diverse team, and Exact Sciences fosters a culture where all employees can develop personally and professionally with a sense of respect and belonging. If you require an accommodation, please contact us here.


Tags: Agile Audits COBIT Compliance Computer Science GDPR Governance Incident response ISMS NIST Privacy SOC Strategy Travel

Region: Europe
Country: Poland
