Third Party Risk Management - Crown Jewels Risk Manager (Remote)

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and Tik Tok.

This is a senior-level cybersecurity role responsible for supporting AbbVie’s Information Security Risk Management (ISRM) – Cybersecurity Third Party Risk Management (TPRM) team. The position will report directly to the Director of Cybersecurity TPRM and will lead and manage AbbVie’s top tiered annual third-party cybersecurity risk leveraging the SOC2 Type II assessment protocol. Core responsibilities will include executing and completing cybersecurity evaluations certification throughout the evaluation lifecycle from prioritization, governance, and intake through risk remediation/acceptance, and cross-function reporting to executive leaders and committees.

This position can be located virtually anywhere in the U.S.

Responsibilities

• Perform and identify areas of process improvement.
• Function as the lead on critical program initiatives.
• Manage independent projects.
• Work directly with Business Owners and Key Stakeholders on at-risk third-party evaluations.
• Conduct cybersecurity evaluations on AbbVie top tier third parties leveraging SOC 2 Type II reports.
• Analyze cybersecurity controls in relation to AbbVie top tier due diligence rigor and challenge.
• Manage escalations across internal and external key stakeholders.
• Thoroughly document standard operating procedures and controls.
• Self-identify program enhancements and third-party risk outliers to management.
• Manage identified risk to completion, including validation of remediation efforts and/or acceptance.
• Adhere to cyber security processes, procedures, reporting and metrics while performing risk management duties.

• Bachelors Degree and 7 years of experience OR Master’s Degree and 6 years of experience OR PhD and 2 years of experience.
• Must have in-depth experience with third-party SOC 2 Type II reports.
• Familiarity with security controls, concepts, and frameworks (e.g., ISO and NIST).
• Ability to communicate complex technical security practices to non-technical resources.
• Familiarity with cybersecurity terminology, concepts, and understanding of the cyber threat landscape and attack vectors.
• Capable of learning new concepts and processes quickly.
• Adaptable to a constantly changing environment.
• Demonstrated critical thinking, problem solving, and analytical skills.
• Strong organization skills with a focus on details.
• Strong written and verbal communication skills with an elevated level of professionalism.
• Ability to work independently and effectively as part of a team.

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:

• The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
• This job is eligible to participate in our short-term incentive programs.
• This job is eligible to participate in our long-term incentive programs.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion. It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.

US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html