About the Role
Legend Biotech is seeking a Third Party Security Risk Management, Sr. Specialist as part of the IT team based in Somerset, NJ.
Role Overview
The ideal candidate is experienced with information security industry Third Party Security Risk Management (TPSRM) best practices, modern automation and security tools. We are looking for someone with a security mindset who "thinks like an attacker". This position will support Legend’s TPSRM security and data privacy vendor assessment program. Drive continuous improvement of the process and facilitate tools to streamline TPSRM. Will collaborate with all business unit stakeholders globally to educate on the program and offer advice on security vendor risk mitigation as needed. Perform as a subject matter expert on TPSRM with responsibilities to review and assess vendors onboarding in Legend globally. Build strong relationships with key stakeholders; Legal, Compliance and Procurements units.
Key Responsibilities
Operate within Legend’s established TPSRM vendor assessment program, performing Third Party risk assessments using the security controls implemented by the company.
Execute vendor management processes to optimize relationships with vendors and deliver best results, aligned to business risk mitigation.
Manage scheduling and execution of assessments (cybersecurity, privacy, AI, security design questionnaire).
Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, security logging and monitoring, security incident response, and defense in depth strategies.
Define appropriate risk levels and corrective actions for issues identified. Formally communicate risks identified and remediation accepted by the business.
Ensure all third-party risk assessments, findings, recommendations, and remediation actions are thoroughly documented.
Engage in post assessment activities including validation of initial findings with management and business unit, follow-up on risk remediation’s and mitigation.
Maintain security risk register and reassess vendors on the defined TPSRM schedule.
Maintain and enhance KPI metrics. Provide periodic updates to management.
Serve as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.
Enhance current TPSRM program to ensure risks are captured for all levels of vendors.
Collaborate and standardize TPSRM program with local teams globally.
Refine the light SIG for vendors that do not meet criteria for full assessment
Develop and deploy methods to better identify emerging risks associated with third party vendors
Maintain and enhance continuous assessment tool usage and continuous improvement initiatives (assessment/reassessment timeliness, risk remediation rate, reduction in residual risk).
Collaborate closely with the Procurement Team and business owners.
Provide supporting TPSRM documentation for assessment and audit.
Conduct kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to also establish the scope of assessment
Reports on assessment outcomes to Business Owners, risk level and associated recommendations, and present issues to 3rd parties and obtain corrective action plans
Requests, reviews and validates artifacts in the form screenshots and other documentations to close out and audit item provided by vendors
Requirements
- A minimum of a Bachelor’s Degree in a relevant discipline, advanced degree is preferred.
- A minimum 7+ years relevant working experience in TPSRM or public accounting company 3rd Party experience.
- Ability to oversee and execute TPSRM process.
- Champion the importance of TPSRM principles to all stakeholders.
- Flexible, nimble leadership style that can shift quickly to new priorities and deliver outcomes based on Business needs.
- Results-focused with an unrelenting push toward delivering value through standardization and ongoing improvements align with Business needs.
- Experience with GDPR, CCPA, PIPL and other International Privacy regulations.
- Preferred Certifications: CISA, CISSP, CRVPM.
About the Company
Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogenic chimeric antigen receptor T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based immunotherapy. From our three R&D sites around the world, we apply these innovative technologies to pursue the discovery of safe, efficacious and cutting-edge therapeutics for patients worldwide.
Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autolecuel (cilta-cel). Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.