Consultant / AM / DM - Third Party Risk Assessment / ISMS

As a part of T&T team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll:

• ISMS or Third-Party Risk Assessments
• Ability to effectively liaise with clients and manage stakeholder expectations.
• Work with client teams from various depts. Such as compliance teams, auditing and regulators to identify and document various requirements/obligations
• Conducting risk assessments and audits with respect to people, process and technology.
• Identification of gaps/observations, risks, opportunities and improvement of policies, processes, procedures and standards.
• Documenting information security risk, recommendation and compensating controls in the form of assessment/audit reports
• Collaborate with other members of the engagement team to plan and develop relevant work papers/deliverables for vendor information security reviews, define approach for vendor assessment and develop vendor evaluation model
• Handle key activities of assessment/ audit life cycle: planning, execution, reporting, quality review and tracking / TPRM framework
• Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues
• Prepare detailed risk assessment reports, including findings and actionable recommendations for stakeholders and senior management.
• Monitor industry trends and regulatory changes to maintain up-to-date knowledge of compliance requirements and best practices.

Qualifications & Certifications

• 4+ Relevant years of experience in Third party risk management / IT Audits and Cloud security
• Experience with ISO/IEC 27001 / ISO 27701 / ISO22301 implementation and audits
• Preferred certifications ISO 27001 LA / ISO22301 LI or LA Offensive Security Certified Professional, CISA

• Understanding of Third party/vendor/supplier risk management considerations

•Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks – ISO 27001 / NIST-CSF / PCI-DSS / CIS for Third party risk management

• Security certifications like CISSP, CISA, CISM, CEH, ISO27001

• Work experience in IT Audit

• Work experience in Cloud Security

• Work experience in Information Risk Management

• Work experience in Information Security or Cyber Security domains

• GRC tool experience like Archer, ServiceNow, OneTrust, ProcessUnity, Security Scorecard