Associate Director, Third Party Information Security Risk Management


Palo Alto, CA

Industry: Pharmaceuticals & Biotech


11 - 15 years

Posted 67 days ago

This job is no longer available.

Jazz Pharmaceuticals is looking for an experienced Associate Director, Third Party Information Security Risk Management to develop a framework, establish a program and continuously manage third party information security risks throughout the lifecycle of the vendor’s engagement with Jazz.

Job Responsibilities and Requirements:

  • Design and implement a third-party information security risk management framework that aligns with and adheres to Jazz’s policies, standards, and guidelines on information security and data privacy
  • Perform due diligence on third party vendors at the contracting stage
  • Identify and assess risk, determine applicable controls which mitigate risk, and communicate opportunities for control improvements to third party vendors on an ongoing basis
  • Track and manage remediation items and/or findings to completion
  • Develop and manage third party operational (KPI) and risk (KRI) metrics for Third Party Information Security Risks
  • Serve as a subject matter expert and/or provide direction on process, projects, and issues pertaining to third party Information Security risk management
  • Collaborate with internal business partners to manage Information Security needs of Jazz for Third Parties
  • Provide oversight for all key deliverables from third party information security risk assessment and remediation
  • Communicate and escalate third-party risk and control issues identified, and serve as primary point of contact to manage and oversee remediation of third party issues for information security
  • Actively participate in internal forums for developing and providing thought leadership in third-party risk management
  • Cultivate robust and sustainable working relationships between Security, Compliance, other IT and business teams to foster a cross-functional team environment.


  • Excellent written and verbal communication skills; ability to convey security concepts to non-technical audiences (e.g. senior and executive management, internal customers)
  • Ability to see the bigger picture of overall Information Security and understand the impact of Third Party Risk Management on Information security
  • Ability to articulate and demonstrate a risk-relevant approach for Third Party Information Security Risk Management
  • Knowledge of operating systems (UNIX/Linux and Solaris, Windows) and of database management systems (Oracle, SQL Server, etc.), Network Security concepts, Cloud Security concepts, virtualization, Endpoint security, Threat and Vulnerability Management, etc.
  • Ability to identify and suggest remediation for systems architecture
  • Ongoing familiarity with emerging and prevalent technologies and IT systems
  • At least 10 years of relevant IT Security experience and two or more relevant certifications (e.g. CISM, CISA, etc.)
  • Experience leading global cross-functional project teams, along with strong technical expertise, is highly desirable
  • Must have strong analytical, problem solving and critical thinking skills and the ability to support decisions that balance Information security while also enabling business objectives
  • Demonstrated vendor relationship management skills, with the ability to build strong rapport.
  • Self-starter who understands and owns every vital detail as second nature

Additional Valuable Skills and Certifications:

  • Pharmaceutical industry experience
  • Ability to travel 10-15%