Third Party Cyber Risk Manager (TPCRM)

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Third Party Cyber Risk Manager (TPCRM)

Location(s): Princeton, NJ
(Hybrid: Up to 3 days/week in office in Princeton NJ)

Role Overview
The TPCRM Risk Manager ensures secure and compliant collaboration with third-party vendors by managing cyber risk, security standards, and audit processes. This position combines technical expertise and business acumen to safeguard sensitive data and maintain trust between Genmab DD&AI and its partners.

• Develop and maintain TPCRM security standards, metrics, and documentation.
• Continuously assess third-party security risks and monitor vendor landscape.
• Implement tools for ongoing risk monitoring and reporting.
• Align TPCRM operations with Danish NIS2 Act and ensure supplier assessments/reassessments by end of 2026.
• Collaborate with Procurement, Legal, Privacy, QA, and DD&AI to update security requirements.

• Design and deploy cyber risk audit services by 2026.
• Define audit priorities and execute audit calendar for short- and long-term plans.
• Integrate audit results into dashboards and maintain strong relationships with key stakeholders.

• Full-time role (40 hrs/week) with a 12-month hiring period.

• Security Officers (US, DK, NL, JP, CN), Solution Architects, Business Owners, Data Protection Officer, Legal, Global Procurement, DD&AI Leadership, Head of IT Security & Risk Management.

• Education: Bachelor's in Computer Science, MIS, or equivalent experience.
• Experience:
  • 5+ years in TPCRM security and risk management (Pharma/Biotech preferred).
  • Certifications: CISA, CRISC, CISM, CISSP.
  • Familiarity with frameworks (ISO, NIST, GDPR, SOX, HIPAA) and GRC tools (ServiceNow, Archer, etc.).
  • Proven ability to implement security processes and improvement roadmaps.

• Vendor Risk Management & Supplier Evaluations.
• Risk Assessments, Risk Analysis & Risk Audits.
• Audit Readiness & Remediation.
• KPIs / KRIs Reporting.
• Compliance Management.
• Quality Assurance

• NIST (incl. NIST CSF).
• NIS 2 Directive.
• SOC 1 / SOC 2.
• FISMA.
• GxP.
• HIPAA.
• GDPR & Right to Privacy

• Information Security & IT Security
• Security Risk Identification & Mitigation
• Data Privacy & Data Protection
• Security Standards & Controls
• Solution Architecture (Security-aligned)

• ServiceNow (GRC / Vendor Risk / Workflow)
• Data Analysis & Reporting

• Certified Information Security Manager (CISM)
• CISSP
• CRISC

• Business Acumen
• Legal & Regulatory Interpretation
• Vendor Relationship Management
• Stakeholder Management

• Negotiation & Facilitation
• Relationship Building
• Team Management & Cross-functional Collaboration
• Strong Communication & Analytical Skills
• Highly Organized & Detail-Oriented

• Computer Science
• Management Information Systems

• Hybrid: Up to 3 days/week in office in Princeton NJ