Third Party Cyber Risk Manager; TPCRM

Overview

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Third Party Cyber Risk Manager (TPCRM)

Location(s): Princeton, NJ (Hybrid: Up to 3 days/week in office in Princeton NJ)

The TPCRM Risk Manager ensures secure and compliant collaboration with third-party vendors by managing cyber risk, security standards, and audit processes. This position combines technical expertise and business acumen to safeguard sensitive data and maintain trust between Genmab DD&AI and its partners.

Security

• Develop and maintain TPCRM security standards, metrics, and documentation.
• Continuously assess third-party security risks and monitor vendor landscape.
• Implement tools for ongoing risk monitoring and reporting.
• Align TPCRM operations with Danish NIS2 Act and ensure supplier assessments/reassessments by end of 2026.
• Collaborate with Procurement, Legal, Privacy, QA, and DD&AI to update security requirements.

Audit

• Design and deploy cyber risk audit services by 2026.
• Define audit priorities and execute audit calendar for short- and long-term plans.
• Integrate audit results into dashboards and maintain strong relationships with key stakeholders.

Timeline

• Full-time role (40 hrs/week) with a 12-month hiring period.

Primary Stakeholders

• Security Officers (US, DK, NL, JP, CN), Solution Architects, Business Owners, Data Protection Officer, Legal, Global Procurement, DD&AI Leadership, Head of IT Security & Risk Management.

Qualifications

• Education: Bachelor’s in Computer Science, MIS, or equivalent experience.
• Experience:
  • 5+ years in TPCRM security and risk management (Pharma/Biotech preferred).
  • Certifications:
    
    CISA, CRISC, CISM, CISSP.
  • Familiarity with frameworks (ISO, NIST, GDPR, SOX, HIPAA) and GRC tools (Service Now, Archer, etc.).
  • Proven ability to implement security processes and improvement roadmaps.

Skills Governance, Risk & Compliance (GRC)

• Vendor Risk Management & Supplier Evaluations.
• Risk Assessments, Risk Analysis & Risk Audits.
• Audit Readiness & Remediation.
• KPIs / KRIs Reporting.
• Compliance Management.
• Quality Assurance

Security Frameworks & Standards

• NIST (incl. NIST CSF).
• NIS 2 Directive.
• SOC 1 / SOC 2.
• FISMA.
• GxP.
• HIPAA.
• GDPR & Right to Privacy

Information Security & Privacy

• Information Security & IT Security
• Security Risk Identification & Mitigation
• Data Privacy & Data Protection
• Security Standards & Controls
• Solution Architecture (Security-aligned)

Tools & Technologies

• Service Now (GRC / Vendor Risk / Workflow)
• Data Analysis & Reporting

Certifications

• Certified Information Security Manager (CISM)
• CISSP
• CRISC

Business & Legal Acumen

• Business Acumen
• Legal & Regulatory Interpretation
• Vendor Relationship Management
• Stakeholder Management

Leadership & Soft Skills

• Negotiation & Facilitation
• Relationship Building
• Team Management & Cross-functional Collaboration
• Strong Communication & Analytical Skills
• Highly Organized & Detail-Oriented

Education & Background

• Computer Science
• Management Information Systems

Working Conditions

• Hybrid:
  Up to 3 days/week in office in Princeton NJ

Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.