Chief Manager Vendor Risk Assessment and Governance

8 - 13 years

15 - 20 Lacs

Posted: 16 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

JOB ROLE

Establish and lead an end-to-end baseline governance framework for the vendor risk assessment program, identify areas of potential exposure, develop and align vendor risk management strategies with the organization's goals and objectives, and execute the program, ensuring consistency. Support other areas of Compliance & Governance in line with regulatory obligations.

KEY RESPONSIBILITIES

• Perform initial and periodic risk assessments, and other necessary reviews, to identify, measure and manage third-party information security risks based on the organization's standards and risk appetite

• Evaluate vendor compliance with regulatory requirements and internal policies

• Review contracts, project documentation, technical and functional system design documents, vendor security policies and other vendor security references (e.g. SOC 2 Type 2, SIG, Acceptable Usage Policy, PCI ROC, BitSight, etc.) to determine the extent, type, and scope of risks of the vendor relationship.

• Evaluate criticality of outsourced services and ensure appropriate oversight mechanisms are in place

• Develop and implement controls to mitigate risks associated with third-party service providers, including contingency planning and exit strategies.

• Monitor vendor performance and risk exposure on an ongoing basis

• Respond to audit and regulatory inquiries related to third-party risk

• Ensure adherence to regulatory guidelines (e.g., RBI IT Outsourcing guidelines, DPDP Act, etc.) for outsourced services.

• Assess vendor controls across key domains: network security, application security, cloud security, IAM, incident response, and business continuity.

• Review vendor SOC reports, penetration test results, and security certifications (e.g., ISO 27001, SOC 2).

• Develop the audit calendar and related key activities, review checklists, and ensure adherence to them.

• Good knowledge of data privacy controls and their implementation.

• Communicate to business units and cross-functional teams regarding significant third-party information security events and escalate to senior management, when applicable.

• Coordinate with IT architects, project teams and vendors to bring system designs into alignment with the organization's security standards.

• Work with project teams and provide technical support and expertise on information security.

• Support various governance activities in line with regulatory requirements.

• Work with various IT stakeholders on audits.

HDB Financial Services

Financial Services

Mumbai
