Celgene Third Party Security and Risk Specialist in Summit, New Jersey


Celgene is a global biopharmaceutical company leading the way in medical innovation to help patients live longer, better lives. Our purpose as a company is to discover and develop therapies that will change the course of human health. We value our passion for patients, quest for innovation, spirit of independence and love of challenge. With a presence in more than 70 countries - and growing - we look for talented people to grow our business, advance our science and contribute to our unique culture.


Reporting to Celgene’s Information Security Sr. Manager, the Senior Security Specialist II position is part of an overall team responsible for day-to-day enterprise-wide oversight and coordination of information technology security efforts to reduce risks, respond to incidents and limit exposure to liability and risk with regard to IT systems, networks and applications. Emphasis is on third party risk management and the related technological solutions and processes to support a Third Party Information Security Risk Program. The ‘hands on’ position requires strong policy and process knowledge along with skills/expertise in technologies such as firewalls, end-point protection, and access controls. It also involves a working interaction with numerous other departments and business functions.

Responsibilities will include, but are not limited to, the following:

•Accountable as part of a team for implementation of the Information Security program for Celgene Corporation.

•Assist with the development, deployment and support of a Third Party Information Security Risk Program and conduct reviews with third parties regarding mitigation activities.

•Assist with the configuration and upkeep of a vendor risk management toolset (Modulo).

•Contribute to an organization-wide Vendor Management program with focus on Information Security risk.

•Create and maintain a master audit schedule for third parties while considering past audit results and criticality of the third party.

•Assist in the review of contracts between third parties and Celgene to ensure Information Security is addressed and adhered to.

•Create and maintain metrics to track third party issues and risks.

•Conduct periodic reviews with the vendor regarding any issues or risks identified during an audit or outside threat intelligence.

•Track any Corrective Action or Preventative Action to closure.

•Build a working relationship with other risk and compliance stakeholders including IT Compliance, Internal Audit, and Legal teams.

•Periodically review third party access controls including VPN connectivity, host-based firewall rules and network-based firewall rules.

•Ability to identify information security risks, execute design and assist in implementation of strategies and programs to prevent or reduce the loss of organizational assets.

•Support the design, implementation, operation and maintenance of security applications and tools based upon the established security architecture.

•Communicate effectively with users in addressing information security questions, issues or concerns independently.

•Actively conduct user security awareness, educational sessions / workshops as needed.

•Create and review status, activity and metric reports as requested by management.

•Develop close working relationships with management, company peers and industry counterparts to ensure alignment of company goals with current information security industry and regulatory trends.

•Stay current on changes in the Pharmaceutical industry, with Celgene products and services, and information security terms, concepts, practices, and policies, as well as changes in the regulatory and audit requirements with respect to information security and privacy on a Global basis.

•Stay abreast of current technology solutions and innovative information security management techniques to safeguard organizational assets.

•Perform other related duties as assigned.



HES / Bachelor's degree in a technical discipline or equivalent plus a minimum of 7 years of computer, network, or other technical related experience, including 3-5 years of information security experience required.


•Bachelor's degree in a technical discipline or equivalent plus a minimum of 7 years of network, computer, or other technical experience, including 5 or more years of information security experience required.

•Well versed in information security concepts (e.g. defense in depth, separation of duties, control environments, malicious software, security awareness etc.).

•Strong working experience auditing or assessing risk, either internally or working with third parties.

•Experience utilizing a GRC platform for risk assessments and risk management.

•Working knowledge of security monitoring solutions (e.g. IPS, NAC, SIEM etc.).

•Experience in role-based application and infrastructure security (e.g. Active Directory / Identity Management / LDAP etc.).

•Demonstrated experience with technology and methodologies standard to network engineering.

•Demonstrated understanding of relevant terminology, such as: threat, vulnerability, risk, asset, exposure, safeguards, etc.

•Demonstrated knowledge of industry best practices in regard to network security (e.g. NIST, SANS, NSA etc.).

•Working knowledge of various regulatory and broad security best practice standards and guidelines (e.g. ISO 27002, PCI, EU Privacy etc.).

•Proficient at multitasking and prioritizing in a fast-paced environment.

•Strong interpersonal, analytical, and customer service skills, including the ability to explain complex technical terms in language understandable to the business.

•Ability to effectively communicate verbally and in written forms in a professional manner.

•Ability to manage one’s own time effectively (organize & schedule).

•Ability to work as both a team member and leader, meet team schedules, and contribute to the team's goals and objectives.

•Provide security guidance and expert advice to management and other groups.

•Experience working in a global (multinational) environment is required.

•Experience in the Pharmaceutical industry is a plus.

Professional Certifications

Current certification status in CISSP, CISM, Security+, CISA, OSCP, CEH or other security related certifications is preferred.

Celgene is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status.

Celgene complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must have authorization to work for Celgene in the U.S.

Third Party Security and Risk Specialist

Location: Summit, NJ, US

Job ID: 17000783