Manager, Third Party Risk Management

ROLE SUMMARY

Our Global Governance Risk and Compliance (GRC) team provides comprehensive blueprints for cybersecurity excellence by embedding governance risk management and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security privacy and regulatory compliance is integrated seamlessly with Pfizers organization.

We are seeking a Manager Third Party Risk Management who provides direction for how the organization evaluates and oversees its external vendors. This role maintains the framework that guides third party risk decisions ensures vendor relationships follow organizational requirements and supports consistent oversight across all engagements. It keeps the organization focused on understanding vendor risks applying a structured approach to assessments and maintaining reliable documentation that supports continuity and compliance.

ROLE RESPONSIBILITIES

• Define and maintain thirdparty risk management policies and procedures that outline how vendors are assessed classified and monitored.

• Oversee the execution of the TPRM program.

• Review inherent risk evaluations and duediligence assessments to confirm that relevant security privacy compliance and operational risks are properly identified and documented.

• Review highrisk assessments ensuring findings are wellarticulated evidencebased and aligned with internal standards.

• Lead governance for risk treatment decisions including remediation plans compensating controls and formal risk acceptances/exceptions.

• Ensure vendor records assessments contracts and risk findings are accurate complete and maintained in accordance with TPRM expectations and regulatory requirements.

• Coordinate communication with vendors to request clarifications gather required evidence and follow up on remediation activities. Prepare clear concise reporting for leadership that summarizes thirdparty risk posture program performance key issues and emerging trends.

• Partner with procurement legal security and business stakeholders to ensure thirdparty risks are understood and managed.

• Partner with Legal and Procurement to ensure security and cyber requirements are embedded into contracts.

• Identify opportunities to strengthen the TPRM process through improved workflow design automation standardization and integration with other GRC processes.

• Present on TPRM program to senior and executive leadership to provide actionable insights.

BASIC QUALIFICATIONS

• Bachelors degree in Information Technology Cybersecurity Computer Science or a related field.

• 5 years of experience in information security risk compliance information protection or related disciplines.

• Experience with frameworks and standards such as NIST Cybersecurity Framework or ISO 27001.

• Experience developing and maintaining vendor risk policies SOPs and compliance frameworks.

• Ability to manage multiple priorities work with cross-functional teams and deliver high-quality outputs.

• Capability to align cybersecurity strategy with business objectives and operational resilience goals.

• Strong leadership communication and presentation skills with the ability to translate complex security concepts into business-focused insights for senior executives.

• Excellent communication and interpersonal skills; ability to influence across levels and functions.

• Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset adaptability to change and a proactive problem-solving approach.

PREFERRED QUALIFICATIONS

• Demonstrated experience working in pharmaceuticals industry and large complex or regulated environments.

• Professional certifications such as CISSP CISM CRISC CISA PMP or similar.

• Handson experience with TPRM/GRC platforms (e.g. Archer).

Please apply by sending your CV in English.

Work Location Assignment:Hybrid