Third Party Security Risk Management, Sr. Specialist

Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogenic chimeric antigen receptor T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based immunotherapy. From our three R&D sites around the world, we apply these innovative technologies to pursue the discovery of safe, efficacious and cutting-edge therapeutics for patients worldwide.

Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autolecuel (cilta-cel). Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.

Legend Biotech is seeking a Third Party Security Risk Management, Sr. Specialist as part of the IT team based in Somerset, NJ .

Role Overview

The ideal candidate is experienced with information security industry Third Party Security Risk Management (TPSRM) best practices, modern automation and security tools. We are looking for someone with a security mindset who "thinks like an attacker". This position will support Legend's TPSRM security and data privacy vendor assessment program. Drive continuous improvement of the process and facilitate tools to streamline TPSRM. Will collaborate with all business unit stakeholders globally to educate on the program and offer advice on security vendor risk mitigation as needed. Perform as a subject matter expert on TPSRM with responsibilities to review and assess vendors onboarding in Legend globally. Build strong relationships with key stakeholders; Legal, Compliance and Procurements units.

Key Responsibilities

• Operate within Legend's established TPSRM vendor assessment program, performing Third Party risk assessments using the security controls implemented by the company.
• Execute vendor management processes to optimize relationships with vendors and deliver best results, aligned to business risk mitigation.
• Manage scheduling and execution of assessments (cybersecurity, privacy, AI, security design questionnaire).
• Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, security logging and monitoring, security incident response, and defense in depth strategies.
• Define appropriate risk levels and corrective actions for issues identified. Formally communicate risks identified and remediation accepted by the business.
• Ensure all third-party risk assessments, findings, recommendations, and remediation actions are thoroughly documented.
• Engage in post assessment activities including validation of initial findings with management and business unit, follow-up on risk remediation's and mitigation.
• Maintain security risk register and reassess vendors on the defined TPSRM schedule.
• Maintain and enhance KPI metrics. Provide periodic updates to management.
• Serve as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.
• Enhance current TPSRM program to ensure risks are captured for all levels of vendors.
• Collaborate and standardize TPSRM program with local teams globally.
• Refine the light SIG for vendors that do not meet criteria for full assessment
• Develop and deploy methods to better identify emerging risks associated with third party vendors
• Maintain and enhance continuous assessment tool usage and continuous improvement initiatives (assessment/reassessment timeliness, risk remediation rate, reduction in residual risk).
• Collaborate closely with the Procurement Team and business owners.
• Provide supporting TPSRM documentation for assessment and audit.
• Conduct kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to also establish the scope of assessment
• Reports on assessment outcomes to Business Owners, risk level and associated recommendations, and present issues to 3rd parties and obtain corrective action plans
• Requests, reviews and validates artifacts in the form screenshots and other documentations to close out and audit item provided by vendors

Requirements

• A minimum of a Bachelor's Degree in a relevant discipline, advanced degree is preferred.
• A minimum 7+ years relevant working experience in TPSRM or public accounting company 3rd Party experience.
• Ability to oversee and execute TPSRM process.
• Champion the importance of TPSRM principles to all stakeholders.
• Flexible, nimble leadership style that can shift quickly to new priorities and deliver outcomes based on Business needs.
• Results-focused with an unrelenting push toward delivering value through standardization and ongoing improvements align with Business needs.
• Experience with GDPR, CCPA, PIPL and other International Privacy regulations.
• Preferred Certifications: CISA, CISSP, CRVPM.

#Li-BG1

#Li-Onsite

The base pay range below is what Legend Biotech USA Inc. reasonably expects to offer at the time of posting. Actual compensation may vary based on experience, skills, qualifications, and geographic location. The company reserves the right to modify this range as needed and in accordance with applicable laws. Performance-based bonus and/or equity is available to employees in eligible roles.

The anticipated base pay range is:

$107,482—$141,070 USD

Benefits

Benefits include medical, dental, and vision insurance as well as a 401(k) retirement plan with a company match that vests fully on day one. We offer eight (8) weeks of paid parental leave after just three (3) months of employment, and a paid time off policy that includes vacation time, personal time, sick time, floating holidays, and eleven (11) company holidays. Additional benefits include flexible spending and health savings accounts, life and AD&D insurance, short- and long-term disability coverage, legal assistance, and supplemental plans such as pet, critical illness, accident, and hospital indemnity insurance. We also provide commuter benefits, family planning and care resources, well-being initiatives, and peer-to-peer recognition programs; demonstrating our ongoing commitment to building a culture where our people feel empowered, supported, and inspired to do their best work.

Please note: These benefits are offered exclusively to permanent full-time employees. Contract employees are not eligible for benefits through Legend Biotech.

EEO Statement

It is the policy of Legend Biotech to provide equal employment opportunities without regard to actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth, related medical conditions and lactation), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, disability, genetic information, or any other protected characteristic under applicable federal, state or local laws or ordinances.

Employment is at-will and may be terminated at any time with or without cause or notice by the employee or the company. Legend may adjust base salary or other discretionary compensation at any time based on individual, team, performance, or market conditions.

For information related to our privacy policy, please review: Legend Biotech Privacy Policy.