Qualifications:
Hybrid Work Schedule - Onsite 2 days per weekIndependently conduct activities related to assigned project/area (including implementation of security controls, risk assessments, security risk management processes, risk awareness activities, and maintenance of local networks)Lead setting up and optimization of security management processes for internal customers as assignedParticipate in project teams, panels, technological platforms, and meetings and keep in close contact with other cross-functional teamsGuide the other business teams in relation to security needs and issuesGuide and mentor newer team members in security systems/processes/controls**Education**• Bachelor’s Degree in Computer Science, MIS, or related field of study; or any equivalentcombination of relevant work experience and training**Experience**• Minimum 5 years of experience in TPCRM information security & risk management• Experience in a Pharma / Biotech / Healthcare company preferred• Certified CISA, CRISC, CISM, CISSP or relevant certification• Experience working with security and risk management frameworks and regulations (e.g. ISO, NIST, GDPR, SOX, HIPAA etc.)• Experience working with GRC tools (e.g. ServiceNow, Galvanize, Vanta, MetricStream, Archer, WolfPAC etc.)• Experience in defining and implementing security management processes and controls• Experience in setting up a TPCRM security improvement roadmap and driving theimplementation of corresponding actions and processes• Experience in working in multinational organizations and global virtual teams• Good understanding of current and emerging cyber security and privacy regulations andpractices, and how other enterprises are employing them.**Knowledge/Skills**• Excellent understanding of vendor management processes and related assuranceframeworks (e.g. SOC 1 and 2 and type I/II audits and auditor reports)• Good knowledge of Regulatory Compliance Frameworks applicable for a multinationalPharma / Biotech company (e.g., FISMA, GDPR, NIST, GxP)\• Strong business acumen, including domain-specific knowledge of Pharma / Biotech• Enable proactive identification/resolution of risks by collaborating across multiple teams• Fosters strong relationships with colleagues and business leaders to enable risk mitigation through effective communication of TPCRM risk status to key stakeholders• Leads and contributes to outcomes for: Risk assessments, Security improvements and**Audit remediations**• Supports alignment of security operations to policies, standards, and procedures• Contributes, maintains, and reports on Key Performance and Risk Indicators (KRI/KPI)• Excellent communication skills to connect effectively with different stakeholders and to deal with the different interests in the organization.• Keen sense of self, ethics, and effort, as well as the willingness to go the extra mile to achieve important goals.• Good understanding of current and emerging cyber security regulations and practices, and how other enterprises are employing them.• Experience tracking, measuring, and communicating the quality of risk management processes and controls applicable to the IT department.• Strong soft and interpersonal skills, including teamwork, facilitation, and negotiation• Excellent analytical and technical skills• Excellent written, verbal, communication, and presentation skills• Excellent planning and organizational skills and attention to detail
Responsibilities:
**Position Summary**Hybrid Work Schedule - Onsite 2 days per weekCollaboration with third parties is of strategic value for Genmab. This collaboration includes the exchange of confidential information and personal data, and the outsourcing of digital services. Trust and assurance are critical factors in the relationship between Genmab DD&AI and its partners and suppliers that require the assessment of their capabilities with respect to security, compliance, quality, and risk management. The TPCRM Risk Manager is responsible for organizing and driving the activities around TPCRM security and audits. This role requires a mix of business and technical acumen to influence and communicate with stakeholders across the enterprise. Creating awareness and educating stakeholders of TPCRM security and acting as an important link in the establishment of trusted relationships between Genmab DD&AI and its partners and suppliers to ensure that Genmab remains in control of critical data in the context of an increasing security threat landscape.**Primary Responsibilities****Security**• Develop and update TPCRM Security standards and documentation• Continuously assess TPCRM security risks based on an inventory of vendor landscape and TPCRM security risks• Develop TPCRM security metrics and requirements• Examine and select tools and techniques to continuously monitor and report on third party security risks• Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting• Support operations of third-party cyber risk management program (TPCRM) in 2026• Ensure alignment with Danish NIS2 Act by end of 2026• Ensure all new TPCRM Suppliers assessed by end of 2026• Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026• Evaluate the security assurance statements of critical suppliers• Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA**Audit**• Develop and deploy cyber risk audit as a service by end of 2026• Develop and maintain strong working relationships with leaders in DD&AI, Legal and Global Procurement departments and stay ahead of new developments in security and data protection regulations• Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports• Based on the current vendor landscape, define audit priorities and activities for short (one year) and long (three year) term period• Execute audit calendar and integrate results into an integrated dashboard• Certified CISA, CRISC, CISM, CISSP or relevant certification• Experience working with security and risk management frameworks and regulations (e.g. ISO, NIST, GDPR, SOX, HIPAA etc.)• Experience working with GRC tools (e.g. ServiceNow, Galvanize, Vanta, MetricStream, Archer, WolfPAC etc.)• Experience in defining and implementing security management processes and controls• Experience in setting up a TPCRM security improvement roadmap and driving theimplementation of corresponding actions and processes• Experience in working in multinational organizations and global virtual teams• Good understanding of current and emerging cyber security and privacy regulations and practices, and how other enterprises are employing them.**Knowledge/Skills**• Excellent understanding of vendor management processes and related assuranceframeworks (e.g. SOC 1 and 2 and type I/II audits and auditor reports)• Good knowledge of Regulatory Compliance Frameworks applicable for a multinationalPharma / Biotech company (e.g., FISMA, GDPR, NIST, GxP)• Strong business acumen, including domain-specific knowledge of Pharma / Biotech• Enable proactive identification/resolution of risks by collaborating across multiple teams• Fosters strong relationships with colleagues and business leaders to enable risk mitigation through effective communication of TPCRM risk status to key stakeholders• Leads and contributes to outcomes for: Risk assessments, Security improvements and• Supports alignment of security operations to policies, standards, and procedures• Contributes, maintains, and reports on Key Performance and Risk Indicators (KRI/KPI)• Excellent communication skills to connect effectively with different stakeholders and to deal with the different interests in the organization.• Keen sense of self, ethics, and effort, as well as the willingness to go the extra mile to achieve important goals.• Good understanding of current and emerging cyber security regulations and practices, and how other enterprises are employing them.• Experience tracking, measuring, and communicating the quality of risk management processes and controls applicable to the IT department.• Strong soft and interpersonal skills, including teamwork, facilitation, and negotiation• Excellent analytical and technical skills• Excellent written, verbal, communication, and presentation skills• Excellent planning and organizational skills and attention to detail
Never miss an opportunity! Create an alert based on the job you applied for.
