Manager, IT Third-Party Risk

The Manager, IT Third-Party Risk is a key leadership role responsible for overseeing and enhancing Avidity’s third-party risk management program, ensuring that vendors, suppliers, and partners comply with security, regulatory, and operational risk requirements. This role requires a technical and business-savvy leader who can collaborate across IT, procurement, compliance, security, and business units to evaluate and manage risks within the third-party ecosystem.

Requirements

• Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience)
• 8+ years of experience, with 5+ years in third-party risk management, vendor risk assessment, or IT security risk management
• Strong understanding of cybersecurity frameworks, regulatory compliance (FDA, HIPAA, GxP), and enterprise risk management methodologies
• Experience with vendor risk management platforms (e.g., Archer, OneTrust, ServiceNow VRM, or similar tools)
• Proven experience integrating TPRM strategies into broader cybersecurity and IT risk management programs
• Strong negotiation and communication skills to engage with vendors, legal teams, and business stakeholders
• Ability to translate technical risk findings into business-focused recommendations for executive decision-making
• Prior experience working in biotech, pharmaceuticals, or highly regulated industries is preferred
• Experience with privacy-related processes such as DSAR handling, cookie consent management, and privacy policy updates is a plus

Benefits

• Annual and spot bonuses
• Stock options and RSUs
• 401(k) with an employer match
• Comprehensive wellness program including coverage for medical, dental, vision, and LTD
• Four weeks of time off
• Commitment to learning and development including job-specific training and education reimbursement program