Senior Manager, IT Risk Management & Compliance

  • Full-time

Company Description

Guardant Health is a leading precision oncology company focused on helping conquer cancer globally through use of its proprietary blood tests, vast data sets and advanced analytics. Its Guardant Health Oncology Platform is designed to leverage its capabilities in technology, clinical development, regulatory and reimbursement to drive commercial adoption, improve patient clinical outcomes and lower healthcare costs. In pursuit of its goal to manage cancer across all stages of the disease, Guardant Health has launched multiple liquid biopsy-based tests, Guardant360® and GuardantOMNI®, for advanced stage cancer patients, which fuel its LUNAR program, which aims to address the needs of early stage cancer patients with neoadjuvant and adjuvant treatment selection, cancer survivors with surveillance, asymptomatic individuals eligible for cancer screening and individuals at a higher risk for developing cancer with early detection. Since its launch in 2014, Guardant360® has been used by more than 7,000 oncologists, over 50 biopharmaceutical companies and all 27 of the National Comprehensive Cancer Network centers.

Job Description

This role works out of our Headquarters in Redwood City, CA.

Due to the COVID-19 pandemic, Guardant Health has temporarily classified this role as 'working from home' status, scheduled to return onsite at HQ when it is determined safe to do so.

The position:

Guardant Health is currently seeking an IT Risk & Compliance Manager to join our IT team. This position will be responsible for managing the day-to-day operational activities of the IT compliance deliverables and supporting the company's mission and strategic plans to further the company objectives and drive results for IT Risk & Governance and SOX Compliance.


The Manager will be responsible for identifying, assessing and reporting on IT and Security risks in a manner that meets legal and regulatory requirements. Specifically, the Manager will be responsible for performing and managing IT risk assessments, IT compliance assessments, and IT audits (internal and external) spanning various compliance frameworks and working with internal teams and management. In addition to conducting assessments, the Manager should be able to assist with the design and implementation of programs for SOX IT General Controls (ITGC), SOX IT Application Controls (ITAC), System Development Life Cycle (SDLC), and FDA ITGC and Information Security, or any sub-component of each program.


What you will do:

  • Provide direction and expertise in the following areas: IT compliance, risk management and internal controls related to IT and SOX compliance, information security, and software architecture and development at Guardant
  • Manage all IT Compliance initiatives (SOX, FDA, HIPAA), inclusive of working with program/project managers to develop project plans and prioritization strategies, and manage third-party compliance auditors, assessors and consultants
  • Make recommendations and implement improvements as needed to ensure compliance with company policies, standards, and guidelines
  • Collaborate cross-functionally with technology teams to co-develop solutions and strategies to embed compliance requirements rather than retrofit
  • Track compliance plans and actions through completion, and advise course corrections as needed
  • Update/Communicate IT compliance requirements, standards, timing and initiatives to control owners and stakeholders
  • Stay up to date with revisions to existing and emerging regulations that will impact Guardant Health’s IT systems and data
  • Conduct training for technology professionals on regulations, frameworks and compliance best practices

Qualifications

Who we are looking for:

  • A person who is passionate about embracing change, working with diverse and unique personalities, prioritizing practical and adaptable solutions in a SaaS world, and understanding that every day brings a new challenge
  • 5 years of risk and compliance experience performing SOX ITGC & ITAC assessments, plus assessments for ISO 27001 and/or HIPAA
  • Knowledge of key IT processes such as waterfall/agile SDLC methods, ITSM, change control, application/system monitoring and DR/BCP procedures and planning
  • Advanced knowledge of common IT application and security concepts including: application management (ERP), access control and authentication, change management, logging and privileged access roles such as system administrator for applications and infrastructure
  • Experience in IT & security policy frameworks and control design, including HIPAA, HITRUST, COSO, and COBIT frameworks
  • Experience working with ERP and GRC systems (Oracle, SAP) and infrastructure supporting multiple platforms
  • Cybersecurity experience would be a plus
  • Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls, and actively assist in planning and managing remediation action plans
  • Experience communicating effectively across business and technical boundaries in order to offer recommendations as an expert with best practices
  • Experience working cross-functionally with multiple stakeholders, external audit and senior management
  • Ability to work independently without detailed guidance
  • Ability to engage and drive creative and practical solutions in an environment of constant transformation
  • Proficiency in writing executive level reports and presenting information at all levels of the organization
  • Appreciation of the perspective of customers, patients and other stakeholders with regards to custody of PII, PHI and other sensitive data


Preferred experience:

  • Knowledge of at least two of the following compliance frameworks and/or standards:
    • SOX with SOC1/SOC 2
    • NIST 800-53
    • AICPA SOC 1 & 2
    • ISO 27001/2
    • HIPAA / HITRUST / HITECH
    • GDPR / CCPA
    • ITIL
    • COSO / COBIT
  • IT Project Management or Project Team Lead experience

Required Certification:

  • Must have at least one of the following certifications:
    • (ISC)2 Certified Information Systems Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • CompTIA Security+
    • ISACA Certified Information Systems Auditor (CISA)
    • Certified ISO 27001 Lead Implementer
    • IIA Certified Internal Auditor (CIA)
    • IT Infrastructure Library (ITIL)
Additional Information

Guardant Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

All your information will be kept confidential according to EEO guidelines.

Please visit our career page at: http://www.guardanthealth.com/jobs/

To learn more about the information collected when you apply for a position at Guardant Health, Inc. and how it is used, please review our Privacy Notice for Job Applicants.