Information Security Risk Manager

Job Location

Mexico City - Mexico

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The Opportunity:

Under limited supervision, responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate cybersecurity policies and procedures. Monitors cybersecurity requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls and related network devices. Performs security assessments of applications and systems using penetration and vulnerability testing and risk analysis. Configures and installs firewalls and intrusion detection systems. Implements software fixes (patches) to remove system vulnerabilities. Responds immediately to cybersecurity-related incidents and provides a thorough post-event analysis. Investigates intrusion incidents and conducts forensic investigations.

We are looking for an experienced Information Security Risk Manager to join our this role you will be responsible for managing the information security risk management program, including risk assessments of third-party vendors and suppliers, to ensure compliance with the company's security policies, standards and industry regulations. You will work closely with internal stakeholders and external vendors to assess, mitigate and monitor third-party risks associated with our business and technical relationships, ensuring the protection of sensitive data and company assets.

Key Responsibilities:

  • Third-Party Risk Assessments:
    • Lead and conduct thorough security assessments of vendors and suppliers to evaluate their information security posture and practices.
    • Assess third-party compliance with the company's security requirements and industry standards (e.g. ISO 27001, SOC 2, NIST, GDPR, HIPAA).
    • Review and analyze security questionnaires, audit reports and vendor responses to identify risks and gaps.
  • Risk Mitigation and Remediation:
    • Identify, document and prioritize security risks associated with third-party vendors and suppliers.
    • Work with vendors to develop action plans and remediation strategies to address security gaps or vulnerabilities.
    • Monitor and track the implementation of corrective actions to ensure timely resolution.
  • Vendor Management and Collaboration:
    • Collaborate with procurement, legal and vendor management teams to integrate security requirements into vendor contracts and service-level agreements (SLAs).
    • Ensure that security and compliance requirements are included in vendor contracts and that vendors meet agreed-upon security standards throughout the engagement lifecycle.
  • Compliance Monitoring:
    • Monitor and track the ongoing compliance of vendors with the company's security policies and industry regulations.
    • Provide regular updates and reports to senior management on the status of third-party security risks and compliance.
    • Stay current on changes in security regulations and standards and ensure third-party compliance with evolving legal and regulatory requirements.
  • Security Audits and Documentation:
    • Manage and perform security assessments of third-party vendors and suppliers to validate their security posture and controls.
    • Maintain comprehensive records of risk assessments, vendor assessments, audit findings and corrective actions taken.
  • Continuous Improvement:
    • Develop and refine third-party risk management processes, tools and templates to streamline assessments and improve efficiency.
    • Stay informed on emerging security threats and trends to proactively address new risks posed by third-party vendors.
  • Training and Awareness:
    • Educate internal teams on third-party risk management best practices and ensure alignment with overall security objectives.
    • Provide guidance and support to vendors as needed to improve their security posture.

Qualifications:

  • Education:
    • Bachelor's degree in Information Security, Information Technology, Business Administration or a related field. A Master's degree is a plus.
  • Experience:
    • 4 years of experience in information security with a focus on third-party risk management, vendor risk assessments or related fields.
    • Demonstrated experience in assessing and managing third-party security risks and compliance requirements.
    • Familiarity with industry standards and frameworks such as ISO 27001, NIST, SOC 2, GDPR and HIPAA.
  • Certifications:
    • Certifications such as CISSP, CISM, CISA, CRISC or similar security-focused certifications are strongly preferred.
  • Skills:
    • Strong analytical skills with the ability to assess complex security risks and develop risk mitigation strategies.
    • Excellent communication skills with the ability to work effectively with both technical and non-technical stakeholders.
    • Proficiency in using risk management tools, frameworks and security assessment methodologies.
    • Strong attention to detail and the ability to prioritize tasks effectively.
    • Ability to influence and collaborate with external vendors to implement security best practices.

Preferred Qualifications:

  • Experience in managing third-party risks in regulated industries (e.g. healthcare, finance or government).
  • Familiarity with third-party risk management platforms and tools.
  • Strong project management skills and the ability to handle multiple vendor assessments simultaneously.

Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.

Why Avantor

Dare to go further in your career. Join our global team of 14,000 associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.

The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.

We are committed to helping you on this journey through our diverse, equitable and inclusive culture, which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!

EEO Statement:

We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status or any other characteristic protected by federal, state/province or local law.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about equal employment opportunity protections, please view the Know Your Rights poster.

3rd Party Non-Solicitation Policy:

By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.


Required Experience:

Manager

Employment Type

Full-Time
