Regional Information Risk Assurance Lead

**_ OBJECTIVES/PURPOSE _**
- Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources, within the region.
- Lead and execute control assessment activities to identify control effectiveness, maturity and areas for improvements within region.
- Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda.
- Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks.
- Lead and help foster a positive end user experience with business stakeholders by enhancing our program to accommodate an agile business environment.

**_ ACCOUNTABILITIES _**
- Lead and mature the third-party risk management process framework for security and privacy risk, including necessary standards, procedures, and technologies
- Execute the full lifecycle of information security and data privacy third-party risk assessments as needed, either individually or through available resources.
- Provide leadership to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security and privacy risk assessment questionnaire.
- Lead and execute regional control assessment activties to identify control effectiveness, maturity and areas for improvements
- Effectively translate third-party responses to assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholders
- Partner with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to Takeda
- Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
- Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party risks
- Provide any necessary training and awareness related to the third-party security and privacy risk assessment process
- Contribute to the gathering and distribution of periodic program metrics and/or dashboards
- Provide insights on other security risk management matters, as necessary, in collaboration with the broader Information Risk Management and Complaince teams.
- Mentor and train new risk assesors and risk coordinators

**Technical/Functional (Line) Expertise**
- Experience in evaluating third-parties for the presence of fundamental information security and data privacy controls.
- Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of Takeda information.

**Leadership**
- Identify, plan and help lead future third party risk management continuous monitoring and enhancements.
- Influencing action across various business lines and geographies to achieve program objectives.
- Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.
- Developing strong relationships with leaders of complementary programs (e.g. Business Stakeholders, Procurement, Legal, Ethics & Compliance) to ensure harmonization.

**Decision-making and Autonomy**
- Assists the Head of Risk & Control Assurance with global risk and control assurance activities and regional execution
- Operates autonomously in the execution of the third-party security risk program framework within the region.
- Serves as central point-of-contact for evaluating security risks associated with all third-party engagements within the region.
- Recommends and agrees with Line Manager the need for shifts in program strategy.

**Interaction**
- Excellent project management skills to effectively balance unexpected and conflicting priorities as they arise
- Experience operating effectively across matrixed organizations
- Intercultural sensitivity

**Innovation**
- Understand innovations and evolving best practices amongst industry practitioners of third-party security risk management to continually mature Takeda’s program.

**Complexity**
- Regional strategic role, but with coordination to the global program.
- Operate across geographies within a region and across business lines.
- Collaborate effectively with relevant third parties.

**_ EDUCATION, BEHAVIOURAL COMPETENCIES AND SKILLS:_**
- Bachelor’s degree or equivalent.
- 8+ years of proven experience in information security and/or third-party risk management
- Experience leading a team of risk analysts
- Demonstrated experience understanding of security principles, IT security controls, and related technologies and products
- Strong verbal/written communication, with ability to effectively interact with professionals at all levels and to translate complex risk matters