Senior Cybersecurity Risk Remediation Analyst
Help us change lives
At Exact Sciences, weâre helping change how the world prevents, detects and guides treatment for cancer. We give patients and clinicians the clarity needed to make confident decisions when they matter most. Join our team to find a purpose-driven career, an inclusive culture, and robust benefits to support your life while youâre working to help others.
Position Overview
At Abbott Cancer Diagnostics, we are cancer fighters. We are united by our mission to change lives by providing earlier, smarter answers. Through advances in cancer detection and treatment guidance, we will help eradicate the disease and the suffering it causes. Cancer Diagnostics' Cybersecurity organization supports this mission by defending the millions of digital patient, practitioner, and employee lives within our environments. Defending today and securing tomorrow is no small feat. To help achieve this, the team is in search of a cybersecurity risk management subject matter expert to join our collaborative team comprised of passionate experts.
âThe Senior Cybersecurity Risk Remediation Analyst, reports to the Director of Cybersecurity Strategy & GRC. This role serves as the central coordination point for enterprise cybersecurity remediation efforts arising from risk assessments, vulnerability management, penetration testing, compliance activities, security incidents, audits, and other cybersecurity assurance functions. This role requires a deep understanding of security and IT risk principles, processes, and practices, combined with the ability to integrate security into business operations
Success in this role will be measured by the ability to drive cybersecurity risks to resolution through effective coordination, stakeholder engagement, and sustained remediation efforts.
This role requires regular onsite work in Madison, WI.
Essential Duties
Include, but are not limited to, the following:
- Partner with technical teams and risk owners to coordinate remediation of cybersecurity findings across multiple domains, including vulnerability management, penetration testing, compliance assessments, security incidents, and other risk management activities. Work collaboratively with technical stakeholders to evaluate remediation options, challenge assumptions where appropriate, monitor progress, and drive timely closure of remediation efforts.
- Maintain visibility into enterprise cybersecurity risks by ensuring remediation activities, milestones, and status updates are accurately tracked and communicated.
- Translate cybersecurity findings into actionable remediation plans with defined owners, milestones, and measurable outcomes.
- Aggregate, evaluate, and report on cybersecurity risks and remediation progress to support management and leadership decision-making.
- Build trusted relationships with stakeholders to facilitate remediation planning, remove obstacles, and drive timely risk treatment activities.
- Support the delivery of risk management education by preparing materials, reinforcing frameworks, and responding to stakeholder questions.
- Support the delivery of risk management education by preparing materials, reinforcing frameworks, and responding to stakeholder questions.
- Identify remediation barriers, facilitate decision-making with stakeholders, and escalate risks that threaten remediation timelines or business objectives.
- Partner with leadership to prioritize cybersecurity remediation initiatives based on business risk, strategic objectives, and organizational capacity
- Act as a resource providing training, guidance, and mentoring to less experienced staff.
- Collaborate with stakeholders to remove roadblocks, coordinate cross-functional remediation efforts, and improve the organization's overall security posture
- Drive accountability for cybersecurity remediation by following up with risk owners, monitoring milestones, escalating delays, and ensuring remediation efforts remain on track through completion.
- Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
- Support and comply with the companyâs Quality Management System policies and procedures.
- Maintain regular and reliable attendance.
- Ability to act with an inclusion mindset and model these behaviors for the organization.
- Ability to travel 10% of working time away from work location, may include overnight/weekend travel.
Minimum Qualifications
- Bachelorâs Degree in field related to essential duties; or Associate Degree and 2 years of relevant experience; or High School Diploma or General Education Degree (GED) and 4 years of relevant experience.
- 6+ years of professional experience in a cybersecurity or IT governance, risk, compliance, or operations role.
- 1+ years of experience with cybersecurity risk management.
- Demonstrated experience with security risk management and compliance frameworks (e.g., NIST, ISO, HIPAA).
- Experience evaluating risk rating methodologies to appropriately convey the enterprise cybersecurity posture.
- Demonstrable experience conducting risk assessments and facilitating executive level risk discussions.
- Experience managing cybersecurity risks through the risk management lifecycle, in a globally regulated enterprise a plus.
- Solid grasp of security governance, risk, and compliance concepts.
- Technically proficient in performing assigned duties at a high-level of independence under minimal supervision while working within a team environment.
- Demonstrated leadership skills, ability to influence outcomes in a complex environment, where you may/may not have formal reporting responsibility.
- Excellent communication skills, appropriately adapting based on audience needs, through all mediumsâverbal, written, presentation, and listening.
- Able to be agile and work with ambiguity.
- Proficient+ in Microsoft Office programs, such as PowerPoint, Excel, Outlook, and Word.
- Demonstrated ability to perform the essential duties of the position with or without accommodation.
- Authorization to work in the United States without sponsorship.
Preferred Qualifications
- Relevant certification(s) in the field of cybersecurity, risk, audit, or program/project management.
- Experience contributing to the build and continuous improvement of the risk management environment, in a globally regulated enterprise strongly preferred.
- Experience with enterprise GRC management platforms (e.g., ServiceNow, OneTrust); implementation experience a plus.
- Advanced program or project management experience coordinating complex cybersecurity initiatives involving multiple technical and business stakeholders
- Experience in healthcare or biotech industries.
Salary Range:
$101,000.00 - $172,000.00Â
The annual base salary shown is for this position located in US - WI - Madison on a full-time basis. In addition, this position is bonus eligible.Exact Sciences is proud to offer an employee experience that includes paid time off (including days for vacation, holidays, volunteering, and personal time), paid leave for parents and caregivers, a retirement savings plan, wellness support, and health benefits including medical, prescription drug, dental, and vision coverage. Learn more about our benefits.
Our success relies on the experiences and perspectives of a diverse team, and Exact Sciences fosters a culture where all employees can develop personally and professionally with a sense of respect and belonging. If you require an accommodation, please contact us here.
Not ready to apply? Join our Talent Community to stay updated on the latest news and opportunities at Exact Sciences.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, protected veteran status, and any other status protected by applicable local, state, or federal law.
To view the Right to Work, E-Verify Employer, and Pay Transparency notices and Federal, Federal Contractor, and State employment law posters, visit our compliance hub. The documents summarize important details of the law and provide key points that you have a right to know.