Job Description
OBJECTIVES/PURPOSE
Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources, within the region
Assist with and execute control assessment activities to identify control effectiveness, maturity and areas for improvement within the region
Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda
Assist in promoting third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks
Improve and help foster a positive end user experience with business stakeholders by enhancing our program to accommodate an agile business environment
ACCOUNTABILITIES
Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources
Collaborate with internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security and privacy risk assessment questionnaire
Assist with and execute regional control assessment activities to identify control effectiveness, maturity and areas for improvement
Effectively translate third-party responses to the assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholders
Partner with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda
Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
Provide any necessary training and awareness related to the third-party security process
Contribute to the gathering and distribution of periodic program metrics and/or dashboards
Mentor and train new risk analysts
Dimensions and Aspects
Technical/Functional
Experience in evaluating third parties for the presence of fundamental information security and data privacy controls
Experience conducting risk assessments and applying concepts of inherent and residual risk to draw appropriate conclusions and articulate the same to non-technical audiences
Ability to effectively negotiate appropriate remediation of security gaps with third-party representatives to ensure protection of Takeda information
Leadership
Decision-making and Autonomy
Assists the Regional Information Risk Assurance Lead with global risk and control assurance activities and regional execution
Responds to risk stakeholders in a timely manner, engages colleagues when needed, and escalates when necessary
Education, Behavioral Competences and Skills
Essential –
Bachelor’s degree or equivalent
1-3 years of experience in information security and/or third-party risk management
Ability to manage multiple workstreams simultaneously
Ability to think critically and analytically
Capable of effectively managing shifting priorities
Strong communication, interpersonal, presentation, and organizational skills
Comfortable operating in and navigating a global organization where risk stakeholders can be located across geographies and time zones
Desired –
Security certification(s) (CISSP)
ServiceNow GRC experience
Locations
MEX - Santa Fe
Worker Type
Employee
Worker Sub-Type
Regular
Time Type
Full time