Third Party Information Risk Analyst Lisboa

Third Party Information Risk Analyst
Lisboa
Lisboa, Lisboa, Portugal

HOW MIGHT YOU DEFY IMAGINATION?

Join our team at AMGEN Capability Center Portugal, number 1 company in Best Workplaces - https://www.greatplacetowork. pt/ - ranking in Portugal (category 201-500 employees) by the Great Place to Work Institute. We have a team of over 300 talented people and more than 35 different nationalities, diverse areas of expertise and professional experience that are shaping the future of healthcare. This is your chance to explore a world of opportunities in different areas such as Cybersecurity, Data & Analytics, Digital, Technology and Innovation, Finance, General & Admin, Human Resources, Regulatory Affairs and many more. In Lisbon's city center, our AMGEN office fosters innovation, excellence, and inspiration. Come thrive with us at AMGEN, supporting our mission To Serve Patients. What we do at AMGEN matters in people’s lives.

LIVE

THIRD-PARTY RISK ASSESSMENT SPECIALIST

WHAT YOU WILL DO:

As a Third-Party Risk Assessment Specialist to join our Information Security team you will play a critical role in focusing on ensuring that security risks associated with
- party vendors are identified, assessed, mitigated, and monitored effectively.

You’ll have responsibility for reviewing security terms and conditions in contracts, especially redlined sections by counterparties, and collaborate with Legal, Strategic Sourcing, and business owners to ensure compliance with internal security standards.

Key Responsibilities of the role:

• Perform comprehensive security assessments of
  - party vendors, identifying potential risks and control gaps.
• Review and negotiate security clauses in contracts that are redlined by counterparties, ensuring they align with organizational security policies and risk appetite.
• Collaborate with Legal, Strategic Sourcing, and business owners during contract review and vendor onboarding processes to address security risks.
• Provide subject matter expertise on security controls, frameworks (e. g. , ISO 27001, NIST), and risk mitigation strategies.
• Maintain an inventory of approved security terms for contract negotiations and support the continuous improvement of the contract review process.
  
  

• Educated to degree level in Information Security, Computer Science, or related field (or equivalent experience).
• Demonstrable experience in
  - party risk management, information security, or a related field.
• Strong understanding of security frameworks and controls (e. g. , ISO 27001, NIST, SOC 2).
• Experience in reviewing and negotiating security clauses in contracts.
• Familiarity with risk mitigation strategies and monitoring methodologies.
• Ability to collaborate effectively with
  - functional teams, including Legal and Procurement.
• Excellent written and verbal communication skills, with the ability to convey technical security concepts to
  - technical stakeholders.
  
  

• Industry-recognized certifications (e. g. , CISSP, CISA, CISM, CRISC).
• Experience with
  - party risk management tools and systems.
• Knowledge of regulatory requirements and data privacy standards (e. g. , GDPR, HIPAA).
  
  

• Vast opportunities to learn, develop, and move up and across our global organization.
• Diverse and inclusive community of belonging, where colleagues are empowered to bring ideas to the table, take risks, and act.
• Generous Amgen Total Rewards Plan comprising healthcare, finance, wealth and career benefits.
• Flexible work arrangements.