Third Party Security Risk Management, Sr. Specialist
Company: Legend Biotech
Location: Somerset
Posted on: February 11, 2026
|
|
|
Job Description:
Legend Biotech is a global biotechnology company dedicated to
treating, and one day curing, life-threatening diseases.
Headquartered in Somerset, New Jersey, we are developing advanced
cell therapies across a diverse array of technology platforms,
including autologous and allogenic chimeric antigen receptor
T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based
immunotherapy. From our three R&D sites around the world, we
apply these innovative technologies to pursue the discovery of
safe, efficacious and cutting-edge therapeutics for patients
worldwide. Legend Biotech entered into a global collaboration
agreement with Janssen, one of the pharmaceutical companies of
Johnson & Johnson, to jointly develop and commercialize
ciltacabtagene autolecuel (cilta-cel). Our strategic partnership is
designed to combine the strengths and expertise of both companies
to advance the promise of an immunotherapy in the treatment of
multiple myeloma. Legend Biotech is seeking a Third Party Security
Risk Management, Sr. Specialist as part of the IT team based in
Somerset, NJ . Role Overview The ideal candidate is experienced
with information security industry Third Party Security Risk
Management (TPSRM) best practices, modern automation and security
tools. We are looking for someone with a security mindset who
"thinks like an attacker". This position will support Legend’s
TPSRM security and data privacy vendor assessment program. Drive
continuous improvement of the process and facilitate tools to
streamline TPSRM. Will collaborate with all business unit
stakeholders globally to educate on the program and offer advice on
security vendor risk mitigation as needed. Perform as a subject
matter expert on TPSRM with responsibilities to review and assess
vendors onboarding in Legend globally. Build strong relationships
with key stakeholders; Legal, Compliance and Procurements units.
Key Responsibilities Operate within Legend’s established TPSRM
vendor assessment program, performing Third Party risk assessments
using the security controls implemented by the company. Execute
vendor management processes to optimize relationships with vendors
and deliver best results, aligned to business risk mitigation.
Manage scheduling and execution of assessments (cybersecurity,
privacy, AI, security design questionnaire). Evaluate key
information security risks including confidentiality, integrity and
availability of technology components through review of security
operational processes, such as vulnerability management, security
logging and monitoring, security incident response, and defense in
depth strategies. Define appropriate risk levels and corrective
actions for issues identified. Formally communicate risks
identified and remediation accepted by the business. Ensure all
third-party risk assessments, findings, recommendations, and
remediation actions are thoroughly documented. Engage in post
assessment activities including validation of initial findings with
management and business unit, follow-up on risk remediation’s and
mitigation. Maintain security risk register and reassess vendors on
the defined TPSRM schedule. Maintain and enhance KPI metrics.
Provide periodic updates to management. Serve as a subject matter
expert to identify and address key third party related risks and
areas of concern associated with new and existing third parties.
Enhance current TPSRM program to ensure risks are captured for all
levels of vendors. Collaborate and standardize TPSRM program with
local teams globally. Refine the light SIG for vendors that do not
meet criteria for full assessment. Develop and deploy methods to
better identify emerging risks associated with third party vendor.
Maintain and enhance continuous assessment tool usage and
continuous improvement initiatives (assessment/reassessment
timeliness, risk remediation rate, reduction in residual risk).
Collaborate closely with the Procurement Team and business owners.
Provide supporting TPSRM documentation for assessment and audit.
Conduct kickoff meetings with vendors and Third-Party Managers to
help identify and understand all technology involved in their
service delivery and to also establish the scope of assessment.
Reports on assessment outcomes to Business Owners, risk level and
associated recommendations, and present issues to 3rd parties and
obtain corrective action plans. Requests, reviews and validates
artifacts in the form screenshots and other documentations to close
out and audit item provided by vendors. Requirements A minimum of a
Bachelor’s Degree in a relevant discipline, advanced degree is
preferred. A minimum 7 years relevant working experience in TPSRM
or public accounting company 3rd Party experience. Ability to
oversee and execute TPSRM process Drives implementation of the
TPSRM solution strategy Ability to develop processes and procedures
to align with the Enterprise Champion the importance of TPSRM
principles to all stakeholders Flexible, nimble leadership style
that can shift quickly to new priorities and deliver outcomes based
on Business needs Results-focused with an unrelenting push toward
delivering value through standardization and ongoing improvements
align with Business needs Experience with GDPR, CCPA, PIPL and
other International Privacy regulations. Preferred Certifications:
CISA, CISSP, CRVPM. Li-BG1 Li-Onsite The base pay range below is
what Legend Biotech USA Inc. reasonably expects to offer at the
time of posting. Actual compensation may vary based on experience,
skills, qualifications, and geographic location. The company
reserves the right to modify this range as needed and in accordance
with applicable laws. Performance-based bonus and/or equity is
available to employees in eligible roles. The anticipated base pay
range is: $107,482 - $141,070 USD Benefits Benefits include
medical, dental, and vision insurance as well as a 401(k)
retirement plan with a company match that vests fully on day one.
We offer eight (8) weeks of paid parental leave after just three
(3) months of employment, and a paid time off policy that includes
vacation time, personal time, sick time, floating holidays, and
eleven (11) company holidays. Additional benefits include flexible
spending and health savings accounts, life and AD&D insurance,
short- and long-term disability coverage, legal assistance, and
supplemental plans such as pet, critical illness, accident, and
hospital indemnity insurance. We also provide commuter benefits,
family planning and care resources, well-being initiatives, and
peer-to-peer recognition programs; demonstrating our ongoing
commitment to building a culture where our people feel empowered,
supported, and inspired to do their best work. Please note: These
benefits are offered exclusively to permanent full-time employees.
Contract employees are not eligible for benefits through Legend
Biotech. EEO Statement It is the policy of Legend Biotech to
provide equal employment opportunities without regard to actual or
perceived race, color, creed, religion, national origin, ancestry,
citizenship status, age, sex or gender (including pregnancy,
childbirth, related medical conditions and lactation), gender
identity or gender expression (including transgender status),
sexual orientation, marital status, military service and veteran
status, disability, genetic information, or any other protected
characteristic under applicable federal, state or local laws or
ordinances. Employment is at-will and may be terminated at any time
with or without cause or notice by the employee or the company.
Legend may adjust base salary or other discretionary compensation
at any time based on individual, team, performance, or market
conditions. For information related to our privacy policy, please
review: Legend Biotech Privacy Policy.
Keywords: Legend Biotech, Lower Merion , Third Party Security Risk Management, Sr. Specialist, IT / Software / Systems , Somerset, Pennsylvania
