The Manager, IT Third-Party Risk is a key leadership role responsible for overseeing and enhancing Avidity’s third-party risk management program, ensuring that vendors, suppliers, and partners comply with security, regulatory, and operational risk requirements. This role requires a technical and business-savvy leader who can collaborate across IT, procurement, compliance, security, and business units to evaluate and manage risks within the third-party ecosystem.
Requirements
- Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience)
- 8+ years of experience, with 5+ years in third-party risk management, vendor risk assessment, or IT security risk management
- Strong understanding of cybersecurity frameworks, regulatory compliance (FDA, HIPAA, GxP), and enterprise risk management methodologies
- Experience with vendor risk management platforms (e.g., Archer, OneTrust, ServiceNow VRM, or similar tools)
- Proven experience integrating TPRM strategies into broader cybersecurity and IT risk management programs
- Strong negotiation and communication skills to engage with vendors, legal teams, and business stakeholders
- Ability to translate technical risk findings into business-focused recommendations for executive decision-making
- Prior experience working in biotech, pharmaceuticals, or highly regulated industries is preferred
- Experience with privacy-related processes such as DSAR handling, cookie consent management, and privacy policy updates is a plus
Benefits
- Annual and spot bonuses
- Stock options and RSUs
- 401(k) with an employer match
- Comprehensive wellness program including coverage for medical, dental, vision, and LTD
- Four weeks of time off
- Commitment to learning and development, including job-specific training and an education reimbursement program