Typically, this full-time role focuses on risk and control functions in support of client risk management and audit programs. It provides back-office support to the Senior Manager Third Party and Customer Assurance, helping to enhance audit and assessment processes. The role operates under general supervision and involves moderately to highly complex tasks, including coordinating and responding to client security assessments and third-party compliance assessments. It also takes the lead in gathering supporting evidence for client InfoSec questionnaires and ensures timely closure of assessments.
Position Description
Actively collates responses for third-party/client assessments and risk questionnaire management programs.
Develops and reports key risk metrics for the third-party/client risk management program
Participates and collaborates in internal InfoSec risk assurance projects, contributing ideas to enhance the client risk management program.
Provides continuous input to improve turnaround time (TAT) for client risk assessment responses and tracks remediation efforts.
Performs basic root cause analysis (RCA) based on client risk assessment audit findings and reports to the manager for remediation tracking.
Recommends modifications to the current client/third-party risk management processes, aligning with evolving global best practices, especially when suppliers operate from cloud platforms.
Strives for continuous improvement in client risk posture across operational processes.
Evaluates risk implications inherent in new or changing third-party relationships as part of risk questionnaire responses.
Demonstrates understanding of general IT infrastructure concepts (e.g., design, development, UAT, licensing, hosting) and cloud security.
Responsibilities will include :
Actively collates responses to the third party/client assessment and/or risk questionnaire management program
Subject Matter Expertise in support to respond for InfoSec questionnaire responses and demonstrate the evidence for the same control objectives to clients/external auditors.
External Audit hosting/responding management by following the ISMS ISO 27001 audit Framework domains controls: like Enterprise risk Management,
Business Continuity Management, Vendor Management, Compliance, and Policy controls
Basic RCA based on client risk assessment audit findings and reporting to the manager for its remediation tracking it in Archer and creating dashboards.
Ability to evaluate risk implications inherent in new or changing third party relationships as part of the risk questionnaire responses shared.
Working closely with internal business owners to resolve any risk mitigation issues responded for the findings.
Participates and collaborates in InfoSec team risk assurance projects internally and contributes ideas to improve the client risk management program.
Education:
Bachelor s degree in science/engineering (Computer Science or equivalent preferred).
CISA, CISM, ITIL, CISSP or at least ISO 27001 -2013 Lead auditor certification is mandatory.
Experience:
Total 4-5 years of experience in information security or operations Risk Management
2 years of IT Audit experience (internal/external) with minimum ISO27001 Lead auditor certification also preferably other security certifications like ITIL, CISA, CISM and CISSP.
Other Knowledge, Skills, Abilities or Certifications: (First list requirements, followed by preferences.)
Understanding of IT and Security Risk as it relates to Client s Risk Management highly preferred
Ability to evaluate risk implications inherent in new or changing third party relationships
Good understanding of Enterprise Risk models and frameworks like ISO27001/NIST/COBIT/PCI-DSS.
Experience working with a diverse range of data sources/streams and managing these effectively
Excellent analytical, decision-making and problem-solving skills
Ability to develop partnership-oriented relationships with other operations and support functional leaders, especially as it relates to third party/client risk management.
Excellent verbal and written communication skills to technical and non-technical audiences of various levels within FADV as well as to global outside parties like customer auditors.
Ability to provide information to a wide variety of audiences regardless of topic and effectively deal with issues that are confidential and sensitive in nature
Ability to persuade and influence others on next steps and be a team player within the global InfoSec team.
Must possess strong ethical standards regarding the handling of confidential information
Must possess good proficiency in MS Excel/Word.
Excellent communication and presentation skills required particularly with performing in-person or phone-based English-speaking client presentations and discussions.
Experience in Archer or any GRC tools preferred
