Company Information
Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogenic chimeric antigen receptor T-cell and natural killer (NK) cell-based immunotherapy.
Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autolecuel (cilta-cel) in 2017. Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.
Legend Biotech is seeking a TPRM (Third Party Risk Management) Senior Analyst as part of the IT team based in Somerset, NJ.
Role Overview
The TPRM Senior Analyst is responsible for ensuring that all the Global TPRM control objectives are complied with and operating efficiently. The Senior Analyst will report directly to the Manager, TPRM to execute Legend's Global Cybersecurity strategy. He / She will collaborate closely and frequently interact with the TPRM Manager. This individual will perform vendor due diligence and deep dives to assess Cybersecurity and Data privacy controls globally. Also, work with business partners on remediations to reduce or lower vendors' residual risk.
This is a cross-functional role, working closely with the Cybersecurity team and other functional teams globally to ensure security and regulatory requirements and solutions to meet compliance objectives. The NIST govern, identify, protect, detect, respond, and recover framework needs to be supported and defended against threat actors. This individual will contribute to protecting valuable assets while mitigating potential business damage that is intensifying currently in Cybersecurity threats, vulnerabilities, risks, and regulatory requirements compliance.
Effective communication and technical leadership are critical to the success of this role. Candidates must possess the ability to fluently speak both technical and business language interchangeably.
Key Responsibilities

• Perform third-party risk assessment and analysis on third parties to understand Information security, cyber, and business continuity posture and capture Inherent risk. Also, work with business partners on remediations to reduce or lower the residual risk.
• Create and maintain partnerships across all business and functional areas and interface with various levels of staff throughout to advance the third-party risk due diligence program, tools, and awareness.
• Collaborate with senior business stakeholders to validate Risk Appetite & tolerance.
• Perform gap analysis and deep dive validations on assessments completed by junior assessors.
• Train on Global TPRM Policies and Procedures.
• Enhance current design of third-party risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and cybersecurity risks.
• Administer the TPRM/Security application and manage joiners, movers, and leavers.
• Collaborate with Legal and Procurement functions to ensure regulatory requirements are met.
• Work cross-functionally with team members to support and drive a collaborative team environment.
• Articulate and present trends, metrics for Management consumption. Generate innovative ideas and challenge the status quo.
• Workflow Enhancement for OneTrust GRC Tool utilized for TPRM process: Collaborate with stakeholders to identify opportunities for enhancing workflow processes within the OneTrust GRC tool, ensuring alignment with organizational objectives and regulatory requirements.

Ad-Hoc GRC Responsibilities

• Assist team lead to ensure that SOX testing is conducted in a cooperative, timely and efficient manner.
• Assist with the successful completion of the quarterly UAR (User Access Review) audit process.
• Monitor SAP GRC risk mitigation control reviews.
• Other ad-hoc GRC tasks (information gathering, data analytics, presentation slide preparation, etc.)

Requirements

• A minimum of a bachelor's degree in a relevant discipline, advanced degree is preferred.
• Minimum 5 years' work experience in Third Party Risk Management with strong background in GRC risks and controls.
• Must have experience working in multi-national organizations
• High understanding of GDPR, NIST (800-53, 800-39,100-1) and other privacy compliance regulations
• Experience with Third Party risk assessment tools, analyzing risk and proposing remediations, and drafting risk assessment reports.
• Successful project implementation and follow-up. Ability to monitor and manage the progress of tasks. Strong time management skills.
• High proficiency in both written and spoken English; Excellent writing and presentation skills with demonstrated ability to communicate clearly and concisely with peers and all levels of leadership.
• Ability to influence stakeholders and set appropriate expectations.
• Demonstrate critical thinking, problem solving, time management and attention to detail with a proactive attitude.
• Professional Certifications: CISSP, CRVPM, CISA, CISM.

#Li-JK2
Legend Biotech is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is Legend's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
Legend Biotech maintains a drug-free workplace.