Associate Director, IT Third-Party Risk
Location: San Diego
Posted on: June 23, 2025
Job Description:

Job Title: Associate Director, IT Third-Party Risk
Location: Remote
Position type: Full time
FLSA: Exempt
Department: Finance / IT Security, Infrastructure and EA
ID: 9180-2024-1-P

Profoundly Improve People's Lives by Revolutionizing the Delivery of RNA Therapeutics

At Avidity Biosciences, we are passionate about the impact of every employee in realizing our vision of improving people's lives by delivering a new class of RNA therapeutics. Avidity is revolutionizing the field of RNA with its proprietary AOCs, which are designed to combine the specificity of monoclonal antibodies with the precision of oligonucleotide therapies to address targets and diseases previously unreachable with existing RNA therapies. If you are a committed, solution-oriented thinker, join us in making a difference and become part of our growing culture that is integrated, collaborative, agile and focused on the needs of patients.

Avidity Biosciences, Inc.'s mission is to profoundly improve people's lives by delivering a new class of RNA therapeutics - Antibody Oligonucleotide Conjugates (AOCs™). Utilizing its proprietary AOC platform, Avidity demonstrated the first-ever successful targeted delivery of RNA into muscle and is leading the field with clinical development programs for three rare muscle diseases: myotonic dystrophy type 1 (DM1), Duchenne muscular dystrophy (DMD) and facioscapulohumeral muscular dystrophy (FSHD). Avidity is broadening the reach of AOCs with its advancing and expanding pipeline, including programs in cardiology and immunology through internal discovery efforts and key partnerships. Avidity is headquartered in San Diego, CA. For more information about our AOC platform, clinical development pipeline, and people, please visit www.aviditybiosciences.com and engage with us on LinkedIn and X.

The Opportunity

The Associate Director, IT Third-Party Risk is a strategic leadership role responsible for architecting and advancing Avidity's third-party risk management (TPRM) and Governance, Risk, and Compliance (GRC) programs. This role is instrumental in designing and operationalizing scalable frameworks that ensure vendors, suppliers, and partners comply with Avidity's security, privacy, regulatory, and operational risk requirements. As the organization evolves, this leader may also take on additional IT sub-functions aligned to risk and resilience.

This position requires a forward-thinking, technically adept leader who excels at cross-functional collaboration across IT, procurement, compliance, legal, security, and the business. The ideal candidate brings a depth of experience in vendor risk governance, regulatory alignment, risk analytics, and GRC tooling, along with a strong ability to translate risk insights into strategic business decisions. In addition to owning third-party risk, this role will lead the implementation and optimization of GRC tools (e.g., OneTrust), and oversee privacy-related initiatives such as policy updates, DSAR processing, and cookie consent management. The Associate Director will champion automation and innovation in the TPRM lifecycle, ensuring enterprise-wide risk visibility and operational resilience.

What You Will Contribute

- Define, lead and continuously evolve the third-party risk management (TPRM) strategy, ensuring alignment with industry standards and regulatory requirements.
- Design and scale risk governance frameworks that align with regulatory, security, and business needs.
- Work closely with procurement, legal, compliance, and IT teams to integrate risk-based decision-making into vendor selection and management.
- Ensure third-party compliance with NIST Cybersecurity Framework (CSF), ISO 27001, FDA, HIPAA, GxP, and other relevant industry standards.
- Monitor vendor performance, security posture, and compliance with contractual obligations, ensuring continuous risk oversight.
- Develop and maintain a third-party risk register, tracking identified risks, mitigation plans, and remediation progress.
- Manage the third-party risk assessment lifecycle, including initial due diligence, ongoing monitoring, and vendor exit strategies.
- Oversee risk scoring methodologies and implement automation to streamline vendor risk evaluation processes.
- Direct the configuration, integration, and use of GRC platforms (e.g., OneTrust) to support real-time risk management and compliance oversight.
- Drive privacy-related compliance processes, including DSAR fulfillment, privacy policy governance, and cookie consent tracking.
- Serve as the escalation point and lead coordinator for third-party security incident response and containment.
- Deliver risk dashboards and briefings to senior leadership, providing clear visibility into trends, emerging threats, and program effectiveness.
- Influence commercial and operational strategies by contextualizing vendor risk in terms of business continuity and readiness.
- Build a roadmap for continuous improvement, leveraging risk analytics, automation, and threat intelligence to proactively reduce exposure.

What We Seek

- Bachelor's degree in Information Security, Risk Management, Business, or a related field (or equivalent experience). Advanced degree is desirable, but not required.
- 6 years managing a team, process or program in third-party risk management, vendor risk assessment, or IT security risk management.
- Demonstrated success in building or scaling TPRM/GRC programs within regulated environments.
- Advanced knowledge of regulatory and industry standards including FDA, HIPAA, GxP, NIST, and ISO.
- Hands-on experience with enterprise-grade GRC and vendor risk management platforms (e.g., Archer, OneTrust, ServiceNow VRM).
- Strategic mindset with the ability to synthesize risk into executive-ready narratives and influence key decision-makers.
- Strong communication and negotiation skills to drive alignment across legal, IT, procurement, and external partners.
- Track record of leading incident response and business continuity planning involving third-party risks.
- Familiarity with privacy-related compliance and tooling, including DSAR handling and consent management.
- Experience in biotech, pharmaceuticals, or highly regulated industries strongly preferred.

Preferred Certifications or Equivalent Experience

- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Third Party Risk Professional (CTPRP)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 Lead Auditor or equivalent experience
- Certified in Risk and Information Systems Control (CRISC) (preferred for risk management expertise)

What We Will Provide to You:

The base salary range for this role is $185,250 – $204,750. The final compensation will be commensurate with such factors as relevant experience, skillset, internal equity and market factors. Avidity offers competitive compensation and benefits which include the opportunity for annual and spot bonuses, stock options and RSUs, as well as a 401(k) with an employer match. In addition, the comprehensive wellness program includes coverage for medical, dental, vision, and LTD, and four weeks of time off. A commitment to learning and development includes a variety of programming internally developed by and for Avidity employees, opportunities for job-specific training offered by industry, and an education reimbursement program.

Avidity Biosciences
10578 Science Center Dr. Suite 125
San Diego, CA 92121
O: 858-401-7900
F: 858-401-7901