Cyber and 3rd party risk manager

 

Cyber and 3rd party risk manager 


 About Amgen 
Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today.



 

What you will do 


Role Description:

This is a lead role to support the risk management product team in identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts.



 

Roles & Responsibilities: 
 Risk Management Leadership 

Support the global risk management and third-party organization in leading a team of risk analysts performing tasks related to the global risk assessment processes.

 Risk Identification and Assessment: 

Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies.

Assist in the identification and evaluation of risks associated with third-party vendors and partners.

Maintain the IT risk register, documenting risks, issues, and remediation actions.

 Risk Mitigation and Monitoring: 

Recommend risk mitigation strategies and implement risk management controls across IT infrastructure.

Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities.

Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed.

 Compliance and Regulatory Support: 

Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST).

Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices.

Support the development and implementation of IT governance, risk, and compliance frameworks.

 Vendor Risk Management: 

Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies.

Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary.

 

What we expect of you 
We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications.

 

Basic Qualifications and Experience: 
Education:

Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field.

Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable.

 

Experience: 

4-6 years of experience in IT risk management, IT auditing, or information security.

Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT).

 Skills and Competencies: 

Strong understanding of IT infrastructure, systems, and security best practices.

Ability to assess technical and business risk related to information systems.

Excellent problem-solving, analytical, and communication skills.

Ability to communicate complex risk concepts to non-technical stakeholders.

Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS)

Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS).

 Technical Knowledge: 

Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools.

Experience with security controls related to networks, databases, and cloud environments.

 Soft Skills: 

Excellent analytical and troubleshooting skills

Strong verbal and written communication skills

Ability to work effectively with global, virtual teams

High degree of initiative and self-motivation

Ability to manage multiple priorities successfully

Team oriented, with a focus on achieving team goals

Strong presentation and public speaking skills

Collaboration with global teams

 

What you can expect of us 
As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way.

In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.





 

Apply now 


for a career that defies imagination

Objects in your future are closer than they appear. Join us.

 

careers.amgen.com 


As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.