Third Party Risk Management - Cyber Security (Gurgaon)

Role Description –

• Lead the end-to-end third-party risk assessment process including initial due diligence, onboarding, and periodic reviews.

• Collaborate and lead discussions with various departments from client’s team including Legal, IT Security, Procurement, and Business Units to ensure comprehensive risk coverage.

• Lead engagement team in delivering client engagements and assist delivery team members during engagements

• Develop and maintain the TPRM framework, policies, and procedures in line with industry best practices and regulatory expectations.

• Prepare and present risk reports, dashboards, and metrics to senior management and risk committees.

• Act as a subject matter expert during third-party risk assessments, with expertise in regulatory and compliance frameworks such as ISO 27001, SOC 2, NIST, GDPR, and RBI Guidelines, PCI DSS etc.

• Perform quality reviews of work performed by team members

• Should be able to work independently on short term engagements

• Support Managers/AD/D in assessment/ audit execution, reporting, quality review and tracking

• Support Managers/AD/D in responding to RFP, proposals and new opportunities of business development

• Provide ongoing improvement opportunities including automation of third-party assessment execution

• Flexible to step-in and perform work on ground such as conducting risk assessments and audits with respect to people, process and technology

Desired qualifications

· 6+ Relevant years of experience in Third party risk management

· Relevant years of experience in IT Audits, Cloud security assessment

· Experience with ISO22301, 27001 implementation and audits

· Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment

· Understanding of Third party/vendor/supplier risk management considerations

· Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management

· Excellent written/verbal communication

· Excellent documentation and presentation skills

· Highly motivated and willing to work in local and global environments

· Security certifications like CISSP, CISA, CISM, CEH, ISO27001

· Work experience in Infrastructure / Application Security

· Work experience in IT Audit

· Work experience in Information Risk Management