Cybersecurity - Third Party Risk Management Specialist

Cybersecurity - Third Party Risk Management Specialist

Cybersecurity

Noida

About us:

Global Business Services India

About the opportunity we offer:

• Due Diligence and Onboarding: Conducting initial risk assessments on potential new vendors. This involves evaluating their security posture, reviewing their security policies and controls, and ensuring they meet the organization's minimum-security requirements before a contract is signed. This process often includes sending out detailed questionnaires and reviewing certifications like SOC 2 or ISO 27001.
• Risk Assessment and Analysis: A core responsibility is performing comprehensive cybersecurity risk assessments on new and existing third parties and assigning it into a risk category (e.g., critical, high, medium, low) based on type of risk they can bring to organization. A vendor handling sensitive customer data would be a high-risk vendor, while an office supply vendor would be low risk.
• Definition of requirement: Once the risk profile is identified, security requirements and contractual clauses need to be defined and applied in partnership with procurement and business stakeholders to include such requirements within the contract or agreement.
• Continuous Monitoring: Cybersecurity threats are constantly evolving, so a one-time assessment is not enough. A key duty is performing continuous monitoring of third-party vendors to detect changes in their security posture, such as new vulnerabilities, a data breach, or a drop in their security ratings. It can be performed by analyzing third-party assurance reports (e.g. SOC 2 Type II) and/or with automated tools.
• Reporting and Communication: Preparing and presenting reports on third-party risk exposure to internal stakeholders
• Responsible for defining and maintaining third parties’ security policy, standards and procedures.
  

About you:

• At least 8 years of experience in Cyber risk management and Third-Party Risk Management with the ability to identify, analyze, and quantify risks.
• GRC Platforms: Experience using Governance, Risk, and Compliance (GRC) tools to manage the TPRM lifecycle.
• Regulatory Awareness: Experience in dealing with cyber security standards and privacy regulations such as ISO27001, NIST CSF, ISA/IEC 62433, CIS, Cyber Essentials, NIS2, GDPR and CCPA.
• Experience with Oil and Gas industry is a plus.
• Experience in writing policies, procedures.
  

Technical Experience:

• Understanding of IT and OT domains along with their differences.
• Good knowledge of cybersecurity standards and best practices such as ISO27001, ISA/IEC 62433, IEC 61850, IEC 27019, NIST CSF, CIS.
• Good knowledge of Third-Party Risk Assessment Tools (e.g. Black Kite, BitSight, Security Scorecard, RiskRecon, or Up Guard for continuous monitoring of vendor security posture.
• Familiarity with Governance, Risk & Compliance tools like SureCloud, Archer, ServiceNow GRC, or MetricStream for tracking third-party risks.
• Experience with SIG (Standardized Information Gathering) questionnaires or CAIQ (Consensus Assessments Initiative Questionnaire) from the Cloud Security Alliance.
• Understanding of GDPR, CCPA, and other regional data protection laws that impact third-party engagements.
• Ability to review security clauses in contracts, SLAs, and DPAs (Data Processing Agreements) to ensure alignment with internal security policies.
• Knowledge of how to incorporate threat intelligence feeds into third-party risk assessments.
• Familiarity with incident response procedures involving third parties, including breach notification and containment protocols.
• Understanding shared responsibility models in cloud environments (AWS, Azure, GCP) and how third-party risks manifest in cloud services.
• Ability to support internal and external audits related to third-party cybersecurity controls.
• Understanding of risks related to open-source components, software dependencies, and SBOMs (Software Bill of Materials).
  

Your career with us:

What’s next?