Principal Analyst, Cyber & Information Security – Third Party Risk & GRC

Manager, Cyber & Information Security - Hybrid - Dublin, Ireland

ICON plc is a world-leading healthcare intelligence and clinical research organization. We’re proud to foster an inclusive environment driving innovation and excellence, and we welcome you to join us on our mission to shape the future of clinical development.

About the role :

Office Hybrid - 60% office-based in Leopardstown, Dublin 18; 40% remote.

We are currently recruiting an experienced and driven Information Security Manager to work across key functions within our Information Security program, with a focus on Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC). Reporting to the Senior Director of Information Security, this role will be instrumental in assessing and managing supplier risk, responding to third-party incidents, and driving strategic enhancements to our TPRM framework. In addition, the role will support internal and external audit activities, client security assessments, and ensure ongoing compliance with our information security certifications.

Key responsibilities will include :

Third Party Risk Management (TPRM)

• Lead and execute supplier risk assessments, including initial due diligence and ongoing monitoring.
• Maintain and enhance operational processes related to supplier management and periodic reviews.
• Collaborate with Procurement, Legal, Data Privacy and Business stakeholders to ensure alignment on third-party risk requirements and assessment outcomes.
• Manage third-party security incidents, coordinating response efforts and remediation activities.
• Maintain the third-party corrective actions register, treatment plans and ensure timely updates and closure.
• Management of third-party continuous security monitoring and ratings platforms.
• Drive strategic initiatives to mature the TPRM program, including continuous monitoring, automation, metrics, and reporting.
• Perform TPRM activities in accordance with company policies and industry standard frameworks (e.g., ISO 27001, NIST CSF, CIS, Cloud Security Alliance).
• Stay current on emerging information security threats, incidents, and trends, and assess their potential impact on the organisation and our suppliers.

Governance, Risk & Compliance (GRC)

Desired Qualifications and Experience

#LI-Hybrid

#LI-MK2

What ICON can offer you :

Our success depends on the quality of our people. That’s why we’ve made it a priority to build a diverse culture that rewards high performance and nurtures talent.

In addition to your competitive salary, ICON offers a range of additional benefits. Our benefits are designed to be competitive within each country and are focused on well-being and work life balance opportunities for you and your family.

Our benefits examples include :

Visit our careers site to read more about the benefits ICON offers.

At ICON, inclusion & belonging are fundamental to our culture and values. We’re dedicated to providing an inclusive and accessible environment for all candidates. ICON is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please let us know or submit a request here

Interested in the role, but unsure if you meet all of the requirements? We would encourage you to apply regardless – there’s every chance you’re exactly what we’re looking for here at ICON whether it is for this or other roles.

Are you a current ICON Employee? Please click here to apply