By clicking the “Apply” button, I understand that my employment application process with Takeda will commence and that the information I provide in my application will be processed in line with Takeda’s Privacy Notice and Terms of Use. I further attest that all information I submit in my employment application is true to the best of my knowledge.

Job Description

OBJECTIVES/PURPOSE

Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources, within the regionAssist and execute control assessment activities to identify control effectiveness, maturity and areas for improvements within regionCollaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to TakedaAssist in promoting third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risksImprove and help foster a positive end user experience with business stakeholders by enhancing our program to accommodate an agile business environment

ACCOUNTABILITIES

Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resourcesCollaborate with internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security and privacy risk assessment questionnaireAssist and execute regional control assessment activities to identify control effectiveness, maturity and areas for improvementsEffectively translate third-party responses to assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholdersPartner with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to TakedaEnsure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processesProvide any necessary training and awareness related to the third-party security processContribute to the gathering and distribution of periodic program metrics and/or dashboardsMentor and train new risk analysts

Technical/Functional Expertise

Experience in evaluating third parties for the presence of fundamental information security and data privacy controlsExperience conducting risk assessments and applying concepts of inherent and residual risk to draw appropriate conclusions and articulate the same to non-technical audiencesAbility to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of Takeda information

Leadership

Ability to effectively manage conflicting prioritiesDevelops strong relationships with other teams across the organization

Decision-making and Autonomy

Assists the Regional Information Risk Assurance Lead with global risk and control assurance activities and regional executionResponds to risk stakeholders in a timely manner, engages colleagues when needed, and escalates when necessary

Interaction

Strong project management skills to effectively balance unexpected and conflicting priorities as they ariseExperience operating effectively across matrixed organizationsIntercultural sensitivity

Innovation

Innovates to find new solutions to problemsAbility to apply innovative approaches within the program to identify win-win solutions

Complexity

Regional role, but with coordination to the global programOperate across geographies within a region and across business linesCollaborate effectively with relevant third parties

Essential

Bachelor’s degree or equivalent1-3 years of experience in information security and/or third-party risk managementAbility to manage multiple workstreams simultaneouslyAbility to think critically and analyticallyCapable of effectively managing shifting prioritiesStrong communication, interpersonal, presentation, and organizational skillsComfortable operating in and navigating a global organization where risk stakeholders can be located across geographies and time zones

Desired

Security certification(s) (CISSP)ServiceNow GRC experience

LocationsIND - Bengaluru

Worker TypeEmployee

Worker Sub-TypeRegular

Time TypeFull time