Third Party Risk Management Analyst (Contractor)
Company: Legend Biotech
Location: Somerset
Posted on: January 26, 2026
Job Description:
Legend Biotech is a global biotechnology company dedicated to
treating, and one day curing, life-threatening diseases.
Headquartered in Somerset, New Jersey, we are developing advanced
cell therapies across a diverse array of technology platforms,
including autologous and allogeneic chimeric antigen receptor
T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based
immunotherapy. From our three R&D sites around the world, we
apply these innovative technologies to pursue the discovery of
safe, efficacious and cutting-edge therapeutics for patients
worldwide.

Legend Biotech entered into a global collaboration
agreement with Janssen, one of the pharmaceutical companies of
Johnson & Johnson, to jointly develop and commercialize
ciltacabtagene autoleucel (cilta-cel). Our strategic partnership is
designed to combine the strengths and expertise of both companies
to advance the promise of an immunotherapy in the treatment of
multiple myeloma.

Legend Biotech is seeking a Third Party Risk
Management Analyst (Contractor) as part of the IT team based in
Somerset, NJ.

Role Overview:
The ideal candidate is experienced
with information security industry Third Party Security Risk
Management (TPSRM) best practices, modern automation and security
tools. We are looking for someone with a security mindset who
"thinks like an attacker". This position will support Legend’s
TPSRM security, data privacy, and AI vendor assessment program.
They will collaborate with business unit stakeholders in the US and EU
to perform assessments and communicate the vendor risk remediations
identified. Perform as a subject matter expert on TPSRM with
responsibilities to independently review and assess vendor risks.
Build strong relationships with key stakeholders: Legal, Compliance
and Procurement units.

Key Responsibilities:
- Execute vendor management processes to optimize relationships with
  vendors and deliver best results, aligned to business risk mitigation.
- Manage scheduling and execution of assessments (cybersecurity,
  privacy, AI, security design questionnaire).
- Evaluate key information security risks including confidentiality,
  integrity and availability of technology components through review of
  security operational processes, such as vulnerability management,
  security logging and monitoring, security incident response, and
  defense in depth strategies.
- Define appropriate risk levels and corrective actions for issues
  identified.
- Formally communicate risks identified and remediation accepted by the
  business.
- Ensure all third-party risk assessments, findings, recommendations,
  and remediation actions are thoroughly documented.
- Engage in post-assessment activities including validation of initial
  findings with management and business unit, follow-up on risk
  remediations and mitigation.
- Maintain security risk register, vendor tier listing, and reassess
  vendors on the defined TPSRM schedule.
- Serve as a subject matter expert to identify and address key third
  party related risks and areas of concern associated with new and
  existing third parties.
- Maintain and enhance continuous assessment tool usage and continuous
  improvement initiatives (assessment/reassessment timeliness, risk
  remediation rate, reduction in residual risk).
- Collaborate closely with the Procurement Team and business owners.
- Provide supporting TPSRM documentation for assessment and audit.
- Hold kickoff meetings with vendors and Third-Party Managers to
  identify technologies used and define the assessment scope.
- Request, review, and validate vendor assessments and supporting
  documents to determine residual risk, vendor tiering, and corrective
  actions.
- Clearly justify and document the rationale between the inherent and
  residual risk ratings.
- Deliver assessment results, risk levels, and recommendations to
  Business Owners; report issues and corrective actions to third
  parties.

Requirements:
- A minimum of a Bachelor’s Degree in a relevant discipline; advanced
  degree is preferred.
- A minimum of 5 years of relevant working experience in TPSRM or public
  accounting company 3rd Party experience.
- Ability to oversee and execute TPSRM process.
- Champion the importance of TPSRM principles to all stakeholders.
- Flexible, nimble leadership style that can shift quickly to new
  priorities and deliver outcomes based on Business needs.
- Results-focused with an unrelenting push toward delivering value
  through standardization and ongoing improvements aligned with
  Business needs.
- Experience with GDPR, CCPA, PIPL and other International Privacy
  regulations.
- Preferred Certifications: CISA, CISSP, CRVPM.
- Must be able to come onsite at least 3 days per week.

Benefits:
Benefits include medical,
dental, and vision insurance as well as a 401(k) retirement plan
with a company match that vests fully on day one. We offer eight
(8) weeks of paid parental leave after just three (3) months of
employment, and a paid time off policy that includes vacation time,
personal time, sick time, floating holidays, and eleven (11)
company holidays. Additional benefits include flexible spending and
health savings accounts, life and AD&D insurance, short- and
long-term disability coverage, legal assistance, and supplemental
plans such as pet, critical illness, accident, and hospital
indemnity insurance. We also provide commuter benefits, family
planning and care resources, well-being initiatives, and
peer-to-peer recognition programs, demonstrating our ongoing
commitment to building a culture where our people feel empowered,
supported, and inspired to do their best work.

Please note: These benefits are offered exclusively to permanent
full-time employees. Contract employees are not eligible for benefits
through Legend Biotech.

EEO Statement:
It is the policy of Legend Biotech to
provide equal employment opportunities without regard to actual or
perceived race, color, creed, religion, national origin, ancestry,
citizenship status, age, sex or gender (including pregnancy,
childbirth, related medical conditions and lactation), gender
identity or gender expression (including transgender status),
sexual orientation, marital status, military service and veteran
status, disability, genetic information, or any other protected
characteristic under applicable federal, state or local laws or
ordinances. Employment is at-will and may be terminated at any time
with or without cause or notice by the employee or the company.
Legend may adjust base salary or other discretionary compensation
at any time based on individual, team, performance, or market
conditions. For information related to our privacy policy, please
review: Legend Biotech Privacy Policy.