IT Risk & Control Analyst (Third Parties)

By clicking the “Apply” button, I understand that my employment application process with Takeda will commence and that the information I provide in my application will be processed in line with Takeda’sPrivacy Noticeand Terms of Use. I further attest that all information I submit in my employment application is true to the best of my knowledge.

Job Description

OBJECTIVES/PURPOSE

• Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources, within the region
• Assist and execute control assessment activities to identify control effectiveness, maturity and areas for improvements within region
• Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda
• Assist in promoting third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks
• Improve and help foster a positive end user experience with business stakeholders by enhancing our program to accommodate an agile business environment

ACCOUNTABILITIES

• Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources
• Collaborate with internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security and privacy risk assessment questionnaire
• Assist and execute regional control assessment activties to identify control effectiveness, maturity and areas for improvements
• Effectively translate third-party responses to assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholders
• Partner with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda
• Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
• Provide any necessary training and awareness related to the third-party security process
• Contribute to the gathering and distribution of periodic program metrics and/or dashboards
• Mentor and train new risk analysts

Dimensions and Aspects

Technical/Functional

• Experience in evaluating third-parties for the presence of fundamental information security and data privacy controls
• Experience conducting risk assessments and applying concepts of inherent and residual risk to draw appropriate conclusions and articulate the same to non-technical audiences
• Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of Takeda information

Leadership

• Ability to effectively manage conflicting priorities
• Develops strong relationships with other teams across the organization

Decision-making and Autonomy

• Assists the Regional Information Risk Assurance Lead with global risk and control assurance activities and regional execution
• Responds to risk stakeholders in a timely manner, engages colleagues when needed, and escalates when necessary

Education, Behavioral Competences and Skills

• Essential –
  • Bachelor’s degree or equivalent
  • 1-3 years of experience in information security and/or third-party risk management
  • Ability to manage multiple workstreams simultaneously
  • Ability to think critically and analytically
  • Capable of effectively managing shifting priorities
  • Strong communication, interpersonal, presentation, and organizational skills
  • Comfortable operating in and navigating a global organization where risk stakeholders can be located across geographies and time zones
• Desired –
  • Security certification(s) (CISSP)
  • ServiceNow GRC experience

Locations

Worker Type

Worker Sub-Type

Time Type