Description
Job Title: Manager, IT Third-Party Risk
Location: San Diego, CA / Hybrid
Position type: Full time | FLSA: Exempt
Department: Information Technology | Finance ID: P
Profoundly Improve People's Lives by Revolutionizing the Delivery of RNA Therapeutics
At Avidity Biosciences, we are passionate about the impact of every employee in realizing our vision of improving people's lives by delivering a new class of RNA therapeutics. Avidity is revolutionizing the field of RNA with its proprietary AOCs, which are designed to combine the specificity of monoclonal antibodies with the precision of oligonucleotide therapies to address targets and diseases previously unreachable with existing RNA therapies. If you are a committed, solution-oriented thinker, join us in making a difference and become part of our growing culture that is integrated, collaborative, agile and focused on the needs of patients.
Avidity Biosciences, Inc.'s mission is to profoundly improve people's lives by delivering a new class of RNA therapeutics, Antibody Oligonucleotide Conjugates (AOCs). Utilizing its proprietary AOC platform, Avidity demonstrated the first-ever successful targeted delivery of RNA into muscle and is leading the field with clinical development programs for three rare muscle diseases: myotonic dystrophy type 1 (DM1), Duchenne muscular dystrophy (DMD) and facioscapulohumeral muscular dystrophy (FSHD). Avidity is broadening the reach of AOCs with its advancing and expanding pipeline, including programs in cardiology and immunology, through internal discovery efforts and key partnerships. Avidity is headquartered in San Diego, CA. For more information about our AOC platform, clinical development pipeline and people, please visit www.aviditybiosciences and engage with us on LinkedIn and Twitter.
The Opportunity
The Manager, IT Third-Party Risk is a key leadership role responsible for overseeing and enhancing Avidity's third-party risk management program, ensuring that vendors, suppliers and partners comply with security, regulatory and operational risk requirements. This role is critical in assessing and mitigating the cybersecurity, compliance and operational risks associated with third-party relationships.
This position requires a technical and business-savvy leader who can collaborate across IT, procurement, compliance, security and business units to evaluate and manage risks within the third-party ecosystem. The ideal candidate will have hands-on experience in vendor assessments, contract security requirements, risk analysis and compliance monitoring, while being able to communicate effectively with internal and external stakeholders.
Additionally, this role will be instrumental in implementing and managing GRC (Governance, Risk and Compliance) tooling such as OneTrust, and will be involved in privacy-related initiatives including privacy policy updates, Data Subject Access Requests (DSAR) and cookie consent management. The Third-Party Risk Manager will also drive automation and efficiency within the vendor risk assessment lifecycle, ensuring streamlined compliance tracking and real-time risk visibility.
What You Will Contribute
- Develop and execute the third-party risk management (TPRM) strategy, ensuring alignment with industry standards and regulatory requirements.
- Conduct third-party security risk assessments, including vendor onboarding evaluations, periodic reviews and contract risk analysis.
- Work closely with procurement, legal, compliance and IT teams to integrate risk-based decision-making into vendor selection and management.
- Ensure third-party compliance with the NIST Cybersecurity Framework (CSF), ISO 27001, FDA, HIPAA, GxP and other relevant industry standards.
- Monitor vendor performance, security posture and compliance with contractual obligations, ensuring continuous risk oversight.
- Develop and maintain a third-party risk register tracking identified risks, mitigation plans and remediation progress.
- Manage the third-party risk assessment lifecycle, including initial due diligence, ongoing monitoring and vendor exit strategies.
- Oversee risk scoring methodologies and implement automation to streamline vendor risk evaluation processes.
- Implement and manage GRC tooling such as OneTrust to automate risk assessments, compliance tracking and vendor monitoring.
- Participate in privacy tracking and compliance efforts, including privacy policy updates, DSAR processing and cookie consent management.
- Drive incident response preparedness for third-party security breaches, ensuring rapid containment and remediation.
- Provide executive-level reporting on third-party risk trends, key risks and mitigation strategies to senior leadership.
- Partner with business stakeholders to assess the impact of vendor risks on commercial readiness and operational resilience.
- Establish a continuous improvement program for third-party risk, leveraging data analytics and threat intelligence to enhance decision-making.
What We Seek
- Bachelor's degree in Information Security, Risk Management, Business or a related field (or equivalent experience).
- 8 years of experience, with 5 years in third-party risk management, vendor risk assessment or IT security risk management.
- Strong understanding of cybersecurity frameworks, regulatory compliance (FDA, HIPAA, GxP) and enterprise risk management methodologies.
- Experience with vendor risk management platforms (e.g. Archer, OneTrust, ServiceNow VRM or similar tools).
- Proven experience integrating TPRM strategies into broader cybersecurity and IT risk management programs.
- Strong negotiation and communication skills to engage with vendors, legal teams and business stakeholders.
- Ability to translate technical risk findings into business-focused recommendations for executive decision-making.
- Prior experience working in biotech, pharmaceuticals or highly regulated industries is preferred.
- Experience with privacy-related processes such as DSAR handling, cookie consent management and privacy policy updates is a plus.
Preferred Certifications or Equivalent Experience:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Third Party Risk Professional (CTPRP)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 Lead Auditor or equivalent experience
- Certified in Risk and Information Systems Control (CRISC) (preferred for risk management expertise)
What We Will Provide to You:
- The base salary range for this role is $. The final compensation will be commensurate with such factors as relevant experience, skillset, internal equity and market factors.
- Avidity offers competitive compensation and benefits, which include the opportunity for annual and spot bonuses, stock options and RSUs, as well as a 401(k) with an employer match. In addition, the comprehensive wellness program includes coverage for medical, dental, vision and LTD, and four weeks of time off.
- A commitment to learning and development, which includes a variety of programming internally developed by and for Avidity employees, opportunities for job-specific training offered by industry, and an education reimbursement program.
Avidity Biosciences | 10578 Science Center Dr., Suite 125 | San Diego, CA | 92121 | O: | F: |
Required Experience:
Manager