Lead, Third Party Risk Management (TPRM)

Help us change lives

At Exact Sciences, we're helpingchange how the world prevents, detects and guides treatment for cancer. We give patients and clinicians the clarity needed to make confident decisions when they matter most. Join our team to find a purpose-driven career, an inclusive culture, and robust benefits to support your life while you're working to help others.

Position Overview

The Lead TPRM will be responsible for redesigning, implementing, and continuously improving the Third-Party Risk Management program across Exact Sciences. This role will serve as a central point of coordination between privacy, cybersecurity, quality, procurement and other due diligenceteams to ensure third-party engagements meet regulatory, compliance, and internal policy requirements. The role will also support broader Enterprise Risk Management (ERM) efforts by aligning third-party risk practices with enterprise-wide risk frameworks.

Essential Duties

Include, but are not limited to, the following:

Program Leadership & Strategy

• Lead the development and execution of a centralizedThird-Party Risk Management (TPRM) framework and corresponding workflows, defining the appropriate tools to best facilitate the process.
• Facilitate cross-functional working sessions to identify and address supplier risk assessment gaps, including tiering, policy creation, education/training and governance.
• Lead Cross-Functional teams to define highest risk profile criteria and partner with business leaders to gain alignment on 'no go' positions
• Facilitate senior leader risk summaries to identify risk and establish/track program metrics promoting business owner acceptance of risk profiles within third party relationships.

Risk Assessment & Due Diligence

• Ensure compliance with KPIs and SLAs for daily operations across teams, ensuring measurable outcomes are achieved.
• Act as a point of escalation for the operational teams to ensure expediency while balancing risk to the organization.
• Lead large, one-time risk reviews related to M&A activity, assessing third-party vendor risk in acquired entities and building corresponding mitigation plans to get new partner aligned with EXAS standards

Monitoring & Reassessment

• Implement automated reassessment workflows based on third-party risk posture and material relationship changes.
• Track residual risks and ensure ongoing remediation and control effectiveness.

Stakeholder Engagement

• Educate business owners on TPRM timelines, SLA expectations, and questionnaire completion responsibilities.
• Work as the central liaison between risk partners to define workflow, enhancements and corresponding communication plans to drive organization policy creation & adherence
• Collaborate with internal teams to ensure alignment on privacy, cybersecurity, quality, procurement and other due diligenceteams.
• Establish and facilitate executive level risk committeeto address and ensure action for escalated risk situations.

Reporting & Governance

• Develop dashboards and reporting mechanisms to monitor third-party risk status, organizationalrisk exposure and program performance
• Support OE governance efforts by aligning TPRM activities with broader operational excellence goals.

Supplier Risk Process Optimization

• Collaborate with risk partners to redefine the supplier risk assessment process to be fit-for-purpose in collaboration with cross-functional risk partners, ensuring it reflects the complexity and criticality of third-party engagements while remaining scalable and efficient.
• Act as a thought leader and change agent to foster a culture of risk awareness and accountability, especially in emerging exposure areas with international expansion and global services.

• Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
• Support and comply with the company's Quality Management System policies and procedures.
• Maintain regular and reliable attendance.
• Ability to act with an inclusion mindset and model these behaviors for the organization.

Minimum Qualifications

• Bachelor's degree in business, Risk Management, Information Security, or related field; master's preferred.
• 7+ years of experience in risk management, compliance, or vendor oversight.
• Familiarity with regulatory frameworks (e.g., GDPR, HIPAA, HITRUST).
• Strong understanding of and experience with aligning risk with business strategy
• Experience with TPRM platforms (e.g., OneTrust, Coupa) and risk assessment methodologies.
• Strong analytical, communication, and stakeholder management skills.
• Strong leadership and project management abilities. Including the ability to effectively manage stakeholder relationships and have accountability in tracking and achieving team goals.
• Ability to work collaboratively with cross-functional teams and mobilize and engage team members.
• Demonstrated ability to perform the essential duties of the position with or without accommodation.
• Authorization to work in the United States without sponsorship.

Preferred Qualifications

• Certifications such as CTPRP, CISA, CISSP, or CRISC.

Salary Range:

Exact Sciences is proud to offer an employee experience that includes paid time off (including days for vacation, holidays, volunteering, and personal time), paid leave for parents and caregivers, a retirement savings plan, wellness support, and health benefits including medical, prescription drug, dental, and vision coverage. Learn more about our benefits.

Our success relies on the experiences and perspectives of a diverse team, and Exact Sciences fosters a culture where all employees can develop personally and professionally with a sense of respect and belonging. If you require an accommodation, please contact us here.

Not ready to apply? Join our Talent Community to stay updated on the latest news and opportunities at Exact Sciences.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, protected veteran status, and any other status protected by applicable local, state, or federal law.

To view the Right to Work, E-Verify Employer, and Pay Transparency notices and Federal, Federal Contractor, and State employment law posters, visit our compliance hub. The documents summarize important details of the law and provide key points that you have a right to know.