Invitae makes it easy to access your genetic information, so you can take control of your health.
San Francisco, CA

Senior Information Security Governance & Compliance Manager at Invitae

Sorry, this job was removed at 7:35 p.m. (CST) on Friday, February 4, 2022

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the genetics industry by making genetic testing affordable and accessible for everyone, to guide health decisions across all stages of life.

As a Senior Information Security Governance and Compliance Manager, you will identify, manage, and report on the company’s security, regulatory, and compliance obligations. Responsibilities will include performing reviews, assessments, and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

Responsibilities:
  • Develop, review, and modify information security and privacy policies.
  • Improve existing compliance programs and processes.
  • Serve as the subject matter expert for ISO 27001, SOC 1, SOC 2, PCI DSS, and other internal compliance programs.
  • Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
  • Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
  • Evaluate security incidents for violations of privacy principles or legal standards.
  • Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
  • Conduct internal security risk assessments and security compliance audits.
  • Establish IT security audit procedures relevant to security frameworks and client requests.
  • Assist external auditors and conduct internal audits as required.
  • Coordinate third-party audits.
  • Develop materials and tools to effectively communicate compliance and corporate requirements.
  • Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
  • Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
  • Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
  • Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
  • Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
  • Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery.
  • Assist the Business team in responding to RFPs and security questionnaires; maintain a library of security and compliance RFP responses.

Requirements:
  • Significant knowledge of and experience with legal, privacy, and regulatory compliance standards such as SOC 2, ISO 27001, PCI DSS, HITRUST, and HIPAA.
  • The ability to work in a fast-paced environment and the skills to deal with ambiguity.
  • Experience with IT governance, risk, and compliance management.
  • Experience coordinating tasks to complete third party assessments.
  • Experience writing policies, procedures, and controls in one or more standards/frameworks.
  • Knowledge of risk management processes, in both a compliance and security context.
  • Knowledge of cyber threats and vulnerabilities.
  • Ability to handle multiple competing priorities.


  • 5+ years of experience implementing information security risk, governance, and control frameworks such as ISO 27001, SOC 1, SOC 2, and PCI DSS.
  • 5+ years of familiarity with security-related activities such as penetration testing and security boundary reviews (e.g., firewall rules, AWS security groups/IAM, etc.).
  • 3+ years of proven experience working effectively with distributed teams across North America and/or India and other countries around the globe.
  • CISM or CISA
  • ISO 27001 Implementer / Auditor

Preferred Qualifications:

  • Experience successfully implementing strong DevSecOps practices
  • Detail oriented and experience balancing multiple tasks and deadlines
  • Ability to interact with internal and external stakeholders at executive level

Professional Skill Requirements:

  • Excellent written and verbal communication skills
  • Strong organizational skills
  • Excellent analytical, problem-solving, and decision-making abilities
  • Able to effectively prioritize tasks in a high-pressure environment
  • Ability to perform at a high level within a technical team
  • Ability to work independently with minimal supervision

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.


Technology we use:

  • Engineering languages: C#, C++, Java, JavaScript, PHP, Python, SQL

What are Invitae Perks + Benefits

Invitae Benefits Overview

At Invitae, our employees are the key to our continued success. Our culture is one of our most important strengths: a set of commitments we make to each other and to our customers to build a world-class organization in service of our mission. That is why Invitae proudly offers a comprehensive perks and benefits program designed with choice and flexibility in mind.

Culture:

  • Friends outside of work
  • Eat lunch together
  • Intracompany committees
  • Daily sync
  • Team-owned deliverables
  • Team-based strategic planning
  • Group brainstorming sessions
  • Open office floor plan
  • Dedicated Diversity/Inclusion staff
  • Unconscious bias training
  • Diversity manifesto
  • Mean gender pay gap below 10%
  • Diversity Employee Resource Groups
  • Hiring practices that promote diversity

Health Insurance & Wellness Benefits:

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental benefits
  • Vision benefits
  • Health insurance benefits
  • Life insurance
  • Pet insurance
  • Wellness programs
  • Team workouts
  • Mental health benefits

Retirement & Stock Options Benefits:

  • Company equity
  • Employee Stock Purchase Plan
  • Performance bonus

Child Care & Parental Leave Benefits:

  • Generous parental leave
  • Flexible work schedule
  • Remote work program
  • Family medical leave
  • Adoption assistance
  • Return-to-work program post parental leave

Vacation & Time Off Benefits:

  • Unlimited vacation policy
  • Paid holidays
  • Paid sick days

Perks & Discounts:

  • Beer on tap
  • Casual dress
  • Commuter benefits
  • Company outings
  • Free daily meals
  • Game room
  • Stocked kitchen
  • Some meals provided
  • Happy hours
  • Pet friendly
  • Recreational clubs
  • Home office stipend for remote employees

Professional Development Benefits:

  • Job training and conferences
  • Diversity program
  • Lunch and learns
  • Cross-functional training encouraged
  • Promote from within
  • Mentorship program
