Thessaloniki Chortiatis, Greece
19 hours ago
Manager, Third Party Risk Management
ROLE SUMMARY

Our Global Governance, Risk, and Compliance (GRC) team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance are integrated seamlessly with Pfizer’s organization.

We are seeking a Manager, Third Party Risk Management, who provides direction for how the organization evaluates and oversees its external vendors. This role maintains the framework that guides third party risk decisions, ensures vendor relationships follow organizational requirements, and supports consistent oversight across all engagements. It keeps the organization focused on understanding vendor risks, applying a structured approach to assessments, and maintaining reliable documentation that supports continuity and compliance.

ROLE RESPONSIBILITIES

Define and maintain third‑party risk management policies and procedures that outline how vendors are assessed, classified, and monitored.

Oversee the execution of the TPRM program.

Review inherent risk evaluations and due‑diligence assessments to confirm that relevant security, privacy, compliance, and operational risks are properly identified and documented.

Review high‑risk assessments, ensuring findings are well‑articulated, evidence‑based, and aligned with internal standards.

Lead governance for risk treatment decisions, including remediation plans, compensating controls, and formal risk acceptances/exceptions.

Ensure vendor records, assessments, contracts, and risk findings are accurate, complete, and maintained in accordance with TPRM expectations and regulatory requirements.

Coordinate communication with vendors to request clarifications, gather required evidence, and follow up on remediation activities.

Prepare clear, concise reporting for leadership that summarizes third‑party risk posture, program performance, key issues, and emerging trends.

Partner with procurement, legal, security, and business stakeholders to ensure third‑party risks are understood and managed.

Partner with Legal and Procurement to ensure security and cyber requirements are embedded into contracts.

Identify opportunities to strengthen the TPRM process through improved workflow design, automation, standardization, and integration with other GRC processes.

Present on the TPRM program to senior and executive leadership to provide actionable insights.

BASIC QUALIFICATIONS

Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.

5+ years of experience in information security, risk, compliance, information protection, or related disciplines.

Experience with frameworks and standards such as NIST Cybersecurity Framework or ISO 27001.

Experience developing and maintaining vendor risk policies, SOPs, and compliance frameworks.

Ability to manage multiple priorities, work with cross-functional teams, and deliver high-quality outputs.

Capability to align cybersecurity strategy with business objectives and operational resilience goals.

Strong leadership, communication, and presentation skills, with the ability to translate complex security concepts into business-focused insights for senior executives. 

Excellent communication and interpersonal skills; ability to influence across levels and functions.

Demonstrated experience in an agile work environment, with qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

PREFERRED QUALIFICATIONS

Demonstrated experience working in the pharmaceuticals industry and large, complex, or regulated environments.

Professional certifications such as CISSP, CISM, CRISC, CISA, PMP, or similar. 

Hands‑on experience with TPRM/GRC platforms (e.g., Archer).

Please apply by sending your CV in English.


Work Location Assignment: Hybrid

Purpose 

Breakthroughs that change patients' lives... At Pfizer we are a patient-centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.

Digital Transformation Strategy

One bold way we are achieving our purpose is through our company-wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.

Flexibility  

We aim to create a trusting, flexible workplace culture which encourages employees to achieve work-life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!

Equal Employment Opportunity 

We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.

Disability Inclusion

Our mission is unleashing the power of all our people and we are proud to be a disability inclusive employer, ensuring equal employment opportunities for all candidates. We encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments to support your application and future career. Your journey with Pfizer starts here!

Information & Business Tech
