Cybersecurity - Third Party Risk Management Specialist

8 - 13 years

7 - 11 Lacs

Posted: 1 day ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

  • Due Diligence and Onboarding:

    Conducting initial risk assessments on potential new vendors. This involves evaluating their security posture, reviewing their security policies and controls, and ensuring they meet the organization's minimum security requirements before a contract is signed. This process often includes sending out detailed questionnaires and reviewing certifications such as SOC 2 or ISO 27001.
  • Risk Assessment and Analysis:

    A core responsibility is performing comprehensive cybersecurity risk assessments on new and existing third parties and assigning each to a risk category (e.g., critical, high, medium, low) based on the type of risk it can bring to the organization. A vendor handling sensitive customer data would be a high-risk vendor, while an office supply vendor would be low risk.
  • Definition of Requirements:

    Once the risk profile is identified, security requirements and contractual clauses need to be defined and applied in partnership with procurement and business stakeholders to include such requirements within the contract or agreement.
  • Continuous Monitoring:

    Cybersecurity threats are constantly evolving, so a one-time assessment is not enough. A key duty is performing continuous monitoring of third-party vendors to detect changes in their security posture, such as new vulnerabilities, a data breach, or a drop in their security ratings. This can be performed by analyzing third-party assurance reports (e.g., SOC 2 Type II) and/or with automated tools.
  • Reporting and Communication:

    Preparing and presenting reports on third-party risk exposure to internal stakeholders.
  • Policy Ownership:

    Responsible for defining and maintaining third-party security policy, standards and procedures.

About you:

  • At least 8 years of experience in Cyber risk management and Third-Party Risk Management with the ability to identify, analyze, and quantify risks.
  • GRC Platforms: Experience using Governance, Risk, and Compliance (GRC) tools to manage the TPRM lifecycle.
  • Regulatory Awareness: Experience in dealing with cybersecurity standards and privacy regulations such as ISO 27001, NIST CSF, ISA/IEC 62443, CIS, Cyber Essentials, NIS2, GDPR and CCPA.
  • Experience with Oil and Gas industry is a plus.
  • Experience in writing policies and procedures.

Technical Experience:

  • Understanding of IT and OT domains along with their differences.
  • Good knowledge of cybersecurity standards and best practices such as ISO 27001, ISA/IEC 62443, IEC 61850, IEC 27019, NIST CSF, CIS.
  • Good knowledge of third-party risk assessment tools (e.g., Black Kite, BitSight, SecurityScorecard, RiskRecon, or UpGuard) for continuous monitoring of vendor security posture.
  • Familiarity with Governance, Risk & Compliance tools like SureCloud, Archer, ServiceNow GRC, or MetricStream for tracking third-party risks.
  • Experience with SIG (Standardized Information Gathering) questionnaires or CAIQ (Consensus Assessments Initiative Questionnaire) from the Cloud Security Alliance.
  • Understanding of GDPR, CCPA, and other regional data protection laws that impact third-party engagements.
  • Ability to review security clauses in contracts, SLAs, and DPAs (Data Processing Agreements) to ensure alignment with internal security policies.
  • Knowledge of how to incorporate threat intelligence feeds into third-party risk assessments.
  • Familiarity with incident response procedures involving third parties, including breach notification and containment protocols.
  • Understanding shared responsibility models in cloud environments (AWS, Azure, GCP) and how third-party risks manifest in cloud services.
  • Ability to support internal and external audits related to third-party cybersecurity controls.
  • Understanding of risks related to open-source components, software dependencies, and SBOMs (Software Bill of Materials).

T.EN GLOBAL BUSINESS SERVICES PRIVATE LIMITED

Business Services

Lucknow
