Associate, Third Party Risk Management

ROLE SUMMARY

Our Global Governance Risk and Compliance (GRC) team provides comprehensive blueprints for cybersecurity excellence by embedding governance risk management and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security privacy and regulatory compliance is integrated seamlessly with Pfizers organization.

We are looking for an Associate to join our Third-Party Risk Management team supporting key activities such as duediligence reviews audit support and maintaining accurate vendor risk records. This role involves engaging with third parties to complete risk assessments collecting required evidence ensuring updates are captured and maintaining visibility into thirdparty risks.

ROLE RESPONSIBILITIES

• Support the endtoend lifecycle of cyber TPRM assessments: intake scoping due diligence risk evaluation documentation remediation tracking and closure.

• Assist in maintaining TPRM documentation templates and processes to support a consistent approach across vendors.

• Support vendor assessments by gathering security documents reviewing information and highlighting gaps that differ from the policies.

• Assist with duediligence activities by sending questionnaires tracking responses and ensuring information is complete.

• Assist and track remediation plans and due dates with vendors and internal stakeholders for identified gaps.

• Track open items through to closure ensuring evidence meets documentation standards.

• Assist with periodic reassessments and continuous monitoring activities for higherrisk vendors including changetriggered reviews (e.g. new data types expanded scope incidents acquisitions).

• Produce and maintain TPRM operational metrics and dashboards.

BASIC QUALIFICATIONS

• Bachelors degree in Information Technology Cybersecurity Computer Science or a related field OR equivalent practical experience.

• 1-2 years of experience in information security risk compliance information protection or related disciplines.

• Experience with audits assessments or compliance reviews.

• Excellent collaboration and interpersonal skills with the ability to work effectively across levels and functions to support program objectives.

• Experience reviewing documents questionnaires or technical evidence with attention to detail.

• Strong business communication skills and organizational skills with the ability to manage multiple assessments/tasks in parallel.

PREFERRED QUALIFICATIONS

• Experience working in pharmaceuticals industry.

• Professional certifications such as CISSP CISM CRISC CISA PMP or similar.

• Experience with GRC/TPRM tools (e.g. Archer).

• Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset adaptability to change and a proactive problem-solving approach.

NON-STANDARD WORK SCHEDULE TRAVEL OR ENVIRONMENT REQUIREMENTS

• Travel as required by the business (less than 20% domestic and/or international)

• Work Location Assignment: Must be able to work in assigned Pfizer office 2-3 days per week or as needed by the business

Please apply by sending your CV in English.

Work Location Assignment:Hybrid

To learn more about acceptable and prohibited uses of AI during the recruitment process please review our candidate AI-use guidelines available onPfizer Careers.