Third Party Cyber Risk Manager (TPCRM)

Princeton, NJ, United States (On-site) Contract (10 months 23 days) Published 3 months ago stakeholder management

IT SECURITY

data analysis GRC Tools team management risk management Regulatory & Compliance risk analysis The TPCRM Risk Manager ensures secure and compliant collaboration with third-party vendors by managing cyber risk, security standards, and audit processes. This position combines technical expertise and business acumen to safeguard sensitive data and maintain trust between Genmab DD&AI and its partners.

Key Responsibilities:

Security:

Develop and maintain TPCRM security standards, metrics, and documentation. Continuously assess third-party security risks and monitor vendor landscape. Implement tools for ongoing risk monitoring and reporting. Align TPCRM operations with Danish NIS2 Act and ensure supplier assessments/reassessments by end of 2026. Collaborate with Procurement, Legal, Privacy, QA, and DD&AI to update security requirements.

Audit:

Design and deploy cyber risk audit services by 2026. Define audit priorities and execute audit calendar for short- and long-term plans. Integrate audit results into dashboards and maintain strong relationships with key stakeholders.

Timeline:

Full-time role (40 hrs/week) with a 12-month hiring period.

Primary Stakeholders:

Security Officers (US, DK, NL, JP, CN), Solution Architects, Business Owners, Data Protection Officer, Legal, Global Procurement, DD&AI Leadership, Head of IT Security & Risk Management.

Qualifications:

Education:

Bachelor's in Computer Science, MIS, or equivalent experience.

Experience:

5+ years in TPCRM security and risk management (Pharma/Biotech preferred).

Certifications:

CISA, CRISC, CISM, CISSP.

Familiarity with frameworks (ISO, NIST, GDPR, SOX, HIPAA) and GRC tools (ServiceNow, Archer, etc.). Proven ability to implement security processes and improvement roadmaps.

Skills:

Strong knowledge of vendor management and compliance frameworks (SOC 1/2, FISMA, GDPR, NIST, GxP). Excellent communication, analytical, and organizational skills. Ability to lead risk assessments, security improvements, and audit remediation. Proficiency in KPIs/KRIs reporting and collaboration across global teams.

Soft skills:

negotiation, facilitation, relationship-building. Danish NIS 2 Certified Information Security Manager

CISSP NIST

standards

GDPR HIPAA

ServiceNow

SOC 1 FISMA

GxP risk management business acumen security standards security risks supplier evaluations legal right to privacy quality assurance risk audits solution architecture data privacy IT security computer science management information systems CRISC security vendor relationship management data analysis organized team management risk analysis soft skills Negotiation The pay range that the employer in good faith reasonably expects to pay for this position is $32.36/hour - $50.56/hour. Our benefits include medical, dental, vision and retirement benefits. Applications will be accepted on an ongoing basis. Tundra Technical Solutions is among North America's leading providers of Staffing and Consulting Services. Our success and our clients' success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Unincorporated LA County workers:

we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations.