Third Party Risk Management Analyst
Company: Legend Biotech
Location: Somerset
Posted on: January 26, 2026
Job Description:
Legend Biotech is a global biotechnology company dedicated to
treating, and one day curing, life-threatening diseases.
Headquartered in Somerset, New Jersey, we are developing advanced
cell therapies across a diverse array of technology platforms,
including autologous and allogenic chimeric antigen receptor
T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based
immunotherapy. From our three R&D sites around the world, we
apply these innovative technologies to pursue the discovery of
safe, efficacious and cutting-edge therapeutics for patients
worldwide. Legend Biotech entered into a global collaboration
agreement with Janssen, one of the pharmaceutical companies of
Johnson & Johnson, to jointly develop and commercialize
ciltacabtagene autoleucel (cilta-cel). Our strategic partnership is
designed to combine the strengths and expertise of both companies
to advance the promise of an immunotherapy in the treatment of
multiple myeloma.

Legend Biotech is seeking a Third Party Risk
Management Analyst as part of the IT team based in Somerset, NJ.

Role Overview:

The ideal candidate is experienced with information
security industry Third Party Security Risk Management (TPSRM) best
practices, modern automation and security tools. We are looking for
someone with a security mindset who "thinks like an attacker". This
position will support Legend’s TPSRM security, data privacy, and AI
vendor assessment program. They will collaborate with business unit
stakeholders in the US and EU to perform assessments and communicate
the vendor risk remediations identified. They will act as a subject
matter expert on TPSRM, with responsibility for independently
reviewing and assessing vendor risks, and build strong relationships
with key stakeholders: the Legal, Compliance and Procurement units.

Key Responsibilities:

- Execute vendor management processes to optimize relationships with
  vendors and deliver best results, aligned to business risk
  mitigation.
- Manage scheduling and execution of assessments (cybersecurity,
  privacy, AI, security design questionnaire).
- Evaluate key information security risks including confidentiality,
  integrity and availability of technology components through review
  of security operational processes, such as vulnerability
  management, security logging and monitoring, security incident
  response, and defense in depth strategies.
- Define appropriate risk levels and corrective actions for issues
  identified.
- Formally communicate risks identified and remediation accepted by
  the business.
- Ensure all third-party risk assessments, findings, recommendations,
  and remediation actions are thoroughly documented.
- Engage in post-assessment activities including validation of
  initial findings with management and business unit, and follow-up
  on risk remediations and mitigation.
- Maintain security risk register, vendor tier listing, and reassess
  vendors on the defined TPSRM schedule.
- Serve as a subject matter expert to identify and address key third
  party related risks and areas of concern associated with new and
  existing third parties.
- Maintain and enhance continuous assessment tool usage and
  continuous improvement initiatives (assessment/reassessment
  timeliness, risk remediation rate, reduction in residual risk).
- Collaborate closely with the Procurement Team and business owners.
- Provide supporting TPSRM documentation for assessment and audit.
- Hold kickoff meetings with vendors and Third-Party Managers to
  identify technologies used and define the assessment scope.
- Request, review, and validate vendor assessments and supporting
  documents to determine residual risk, vendor tiering, and
  corrective actions.
- Clearly justify and document the rationale for moving from the
  inherent to the residual risk rating.
- Deliver assessment results, risk levels, and recommendations to
  Business Owners; report issues and corrective actions to third
  parties.

Requirements:

- A minimum of a Bachelor’s Degree in a relevant discipline; an
  advanced degree is preferred.
- A minimum of 5 years of relevant working experience in TPSRM, or
  third-party experience at a public accounting company.
- Ability to oversee and execute TPSRM process.
- Champion the importance of TPSRM principles to all stakeholders.
- Flexible, nimble leadership style that can shift quickly to new
  priorities and deliver outcomes based on Business needs.
- Results-focused with an unrelenting push toward delivering value
  through standardization and ongoing improvements aligned with
  Business needs.
- Experience with GDPR, CCPA, PIPL and other international privacy
  regulations.
- Preferred Certifications: CISA, CISSP, CRVPM.

The base pay range below is what
Legend Biotech USA Inc. reasonably expects to offer at the time of
posting. Actual compensation may vary based on experience, skills,
qualifications, and geographic location. The company reserves the
right to modify this range as needed and in accordance with
applicable laws. Performance-based bonus and/or equity is available
to employees in eligible roles. The anticipated base pay range is:
$107,482 - $141,070 USD

Benefits:

Benefits include medical, dental,
and vision insurance as well as a 401(k) retirement plan with a
company match that vests fully on day one. We offer eight (8) weeks
of paid parental leave after just three (3) months of employment,
and a paid time off policy that includes vacation time, personal
time, sick time, floating holidays, and eleven (11) company
holidays. Additional benefits include flexible spending and health
savings accounts, life and AD&D insurance, short- and long-term
disability coverage, legal assistance, and supplemental plans such
as pet, critical illness, accident, and hospital indemnity
insurance. We also provide commuter benefits, family planning and
care resources, well-being initiatives, and peer-to-peer
recognition programs, demonstrating our ongoing commitment to
building a culture where our people feel empowered, supported, and
inspired to do their best work. Please note: These benefits are
offered exclusively to permanent full-time employees. Contract
employees are not eligible for benefits through Legend Biotech.

EEO Statement:

It is the policy of Legend Biotech to provide equal
employment opportunities without regard to actual or perceived
race, color, creed, religion, national origin, ancestry,
citizenship status, age, sex or gender (including pregnancy,
childbirth, related medical conditions and lactation), gender
identity or gender expression (including transgender status),
sexual orientation, marital status, military service and veteran
status, disability, genetic information, or any other protected
characteristic under applicable federal, state or local laws or
ordinances. Employment is at-will and may be terminated at any time
with or without cause or notice by the employee or the company.
Legend may adjust base salary or other discretionary compensation
at any time based on individual, team, performance, or market
conditions. For information related to our privacy policy, please
review: Legend Biotech Privacy Policy.