Associate,ThirdPartyRiskManagement

## **ROLE SUMMARY** Our Global Governance, Risk, and Compliance (GRC) team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance is integrated seamlessly with Pfizer’s organization. We are looking for an Associate to join our Third-Party Risk Management team, supporting key activities such as due‑diligence reviews, audit support, and maintaining accurate vendor risk records. This role involves engaging with third parties to complete risk assessments, collecting required evidence, ensuring updates are captured, and maintaining visibility into third‑party risks. ## **ROLE RESPONSIBILITIES** * Support the end‑to‑end lifecycle of cyber TPRM assessments: intake, scoping, due diligence, risk evaluation, documentation, remediation tracking, and closure. * Assist in maintaining TPRM documentation, templates, and processes to support a consistent approach across vendors. * Support vendor assessments by gathering security documents, reviewing information, and highlighting gaps that differ from the policies. * Assist with due‑diligence activities by sending questionnaires, tracking responses, and ensuring information is complete. * Assist and track remediation plans and due dates with vendors and internal stakeholders for identified gaps. * Track open items through to closure, ensuring evidence meets documentation standards. * Assist with periodic reassessments and continuous monitoring activities for higher‑risk vendors, including change‑triggered reviews (e.g., new data types, expanded scope, incidents, acquisitions). * Produce and maintain TPRM operational metrics and dashboards. ## **BASIC QUALIFICATIONS** * Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field **OR** equivalent practical experience. * 1-2 years of experienc