4 - 9 years
18 - 25 Lacs
Bengaluru, Noida
Work from Office
Looking for a strong TPRM candidate with experience in any TPRM tool (such as SecurityScorecard, BitSight, RiskRecon, ProcessUnity, Prevalent, OneTrust, Archer TPRM, or UpGuard). Cyber security experience is a plus.
Posted 3 months ago
3 - 6 years
10 - 20 Lacs
Delhi NCR, Bengaluru, Kolkata
Work from Office
EY GDS Consulting - Financial Services Third-Party Risk Management (FS TPRM) Senior As part of our EY-FS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY high-performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We're looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY-FS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients' TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to identifying opportunities to improve engagement profitability. Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within EY Consulting Services and with other services across the organization.
Skills and attributes for success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 3 to 6 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. 
Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer. Ideally, you’ll also have Project Management skills. Exposure to tools like Process Unity, ServiceNow, Archer. What we look for A team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and designs effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand the client's business and identify risk. Executes advanced services and supervises staff in delivering essential services. Understands the client's business environment and basic risk management approaches. Actively participates in decision making with engagement management and seeks to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What working at EY offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments.
Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you
Posted 3 months ago
6 - 8 years
22 - 25 Lacs
Pune
Work from Office
Job Title: Cyber Third-Party Risk Management (TPRM) Specialist Working Location: Pune Work Experience: 5 to 8 Years CTC Budget: 25 LPA Job Level / Grade: Middle Level POSITION SUMMARY We are seeking an experienced and skilled Cyber TPRM Specialist to join our Cyber Security team. The successful candidate will be responsible for conducting comprehensive risk assessments of our third-party vendors and partners, focusing on their cybersecurity posture and potential risks to our organization. Additionally, this role will involve mentoring junior cyber risk analysts, fostering their professional growth, and enhancing the overall capabilities of the team. The Specialist will work closely with the TPRM Lead in Australia. The activity will include: Conduct questionnaire-based assessments to evaluate vendors' cybersecurity practices. Perform on-site assessments of critical vendors as necessary. Analyze assessment results and provide detailed risk reports to stakeholders. Collaborate with internal teams to remediate identified risks. Prepare and report on key metrics to measure the effectiveness of the TPRM program. Develop dashboards and reports to communicate TPRM performance to senior management. Review variations to the standard cyber clause in contracts and facilitate necessary negotiations and approvals in collaboration with legal, procurement and risk teams. Stay current with industry trends, regulations, and best practices in cybersecurity and third-party risk management. Mentor and guide junior cyber risk analysts in their professional development. Provide training and support to team members on TPRM methodologies, tools, and best practices. Foster a culture of continuous learning and improvement within the team. Assist in developing and refining assessment processes and methodologies. Contribute to the creation of training materials and internal knowledge bases. 
Work closely with the TPRM Lead in Australia to align assessment processes and risk management strategies. The individual must possess: Deep knowledge of cybersecurity frameworks, risk assessment methodologies, and industry standards, coupled with an understanding of technical systems and vulnerabilities. Deep knowledge of cybersecurity practices, risk assessments and compliance activities Ability to develop and implement long-term strategies for managing third-party cyber risks, aligning with organizational goals, and adapting to evolving threat landscapes. Multi-Cycle knowledge in driving compliance Strong stakeholders management skills Strong analytical, research and recommendation skills Good skills in preparing and presenting management reports and dashboards • Ability to travel for on-site assessments (up to 20% of the time) The position will work closely with senior management and other company teams to ensure the risks are identified, tracked, and remediated. This role requires initiative to take ownership of issues, and work with other support parties both internal and external to company. The role requires a close working relationship with other team managers for continual improvement of processes, procedures, and services, as well as working with company counterparts for all regional security initiatives. This role will be responsible for ensuring the successful execution of Supply Chain security risk governance program for company. KEY RESPONSIBILITIES AND RESULTS Key Result Areas Required KPIs Measurement Method Planning Review and understand the present process and improve as required. Analyze TPSP data and categorize them appropriately for assessment. Lead initiatives to ensure that all third-party assessments are fully compliant with evolving regulatory requirements and industry standards, advising on potential changes and their impacts. 
Design and implement robust frameworks and methodologies for assessing third-party cyber risks, ensuring they are comprehensive and scalable. Define the end-to-end plan for TPSP governance. Effectiveness of the plan Execution Execute TPSP program to the plan. Lead complex assessments that require in-depth analysis of third-party systems, including cloud environments, supply chains, and emerging technologies. Manage vendor and TPSP issues on time to meet deadlines and cost. Focus on identifying critical risks that could have a significant impact on the organization and develop strategies to mitigate these risks effectively. Ensure at every stage of the project the quality of the TPSP responses and our assessments are held to the highest order. Manage and update documentation of artefacts and reports in existing tools/repositories. Establish repositories where absent. Deliver project on time and budget Reporting Monitor and drive remediation of identified issues with stakeholders. Develop and deliver detailed reports for executive leadership, providing insights into the overall risk landscape, key vulnerabilities, and recommended action. Establish and monitor key performance indicators (KPIs) for third-party risk management, using these metrics to drive continuous improvement. Assess, document, and communicate risks in context with business operations. A well understood report for the stakeholders Communication and Teamwork Working together with other functions of Security & Risk on refining risk and security practices. Build relationships with key stakeholders across the business (internally and externally) Customer Satisfaction measures Feedback from other staff members MAJOR CHALLENGES / TYPICAL PROBLEMS ENCOUNTERED List the principal challenges or problems faced by the role in achieving the results of the position. Also, describe the extent to which originality or creativity is required in solving the problems faced.
Specify unique problems associated with the position because of job complexity, economic and environmental aspects or growth potential. For existing role, please indicate additional challenges and problems in bold. 1. Identifying accurate Vendor information / key stakeholders in a large organization 2. Ability to manage various procedural issues with Internal stakeholders as well as TPSP (such as scheduling issues, Vendor contractual clauses, escalations, etc.) 3. Communicating the potential impact of a technical risk as a financial or business risk to stakeholders / management 4. The ability to communicate technical security issues to senior management (SLT/ELT) in a clear and concise manner 5. Stay abreast of information security issues and regulatory changes affecting the telecommunications industry. SECTION D: DECISION MAKING AUTHORITY Provide key information (both from a Problem Solving and Accountability Perspective) with appropriate examples to help define the scope and impact of the job and the extent to which the job has authority to manage resources and make decisions. (To also consider the approval limits of the role, procedural decision making, authority and empowerment.) For existing role, please indicate additional decision-making authority in bold.
Decisions made under own authority Decisions referred to higher authority Assessment management Deviations Project Management Deviations KEY INTERNAL / EXTERNAL CONTACTS Contact Purpose Reporting Manager • Day-to-day interaction with line manager on all assigned responsibilities, escalations, and for all administrative matter Team peers • Knowledge sharing/transfer, team collaboration, problem resolution and brainstorming, solution development, ensuring team redundancy is in place for critical functions Other company peers • Collaboration with other company peers to ensure effective and timely delivery of security deliverables from an information security, governance, risk, and compliance Security Vendors / Partners • Work with vendor support resources where required for troubleshooting issues with tools. • Keep abreast of latest security trends and technologies for own professional development provided by key security vendors / partners Markets and Customers Target markets / segments This activity assesses the risks in the BU through TPSPs. It helps BU manage their risks better. Impact on customers Significant improvement of confidence and trust in company customer facing systems. Customer type Mainly internal Mainly external Both internal and external SECTION F: QUALIFICATIONS / EXPERIENCE / KNOWLEDGE REQUIRED Indicate key knowledge and skills required for this role to perform the tasks to a satisfactory level. To also specify a suitable level of qualification required (i.e. basic, advanced, or professional), where applicable. Category Essential for this role Good to have Education and Qualifications • Bachelor's degree in Information Security, Computer Science, or related field. • Relevant certifications (e.g., CISSP, CISA, CRISC). • Understanding of local Australian Privacy laws, data protection methods and technologies Work Experience • 5+ years of experience in cybersecurity, risk management, or related areas. 
• Experience in Vendor Risk Management and Compliance: Proven track record in managing third-party cybersecurity risks, conducting comprehensive vendor audits, and ensuring compliance with industry standards. • Leadership Experience: Experience in leading cybersecurity projects, managing teams, or overseeing vendor relationships and ensuring their alignment with the organization’s security policies. • Experience in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or controls related function preferred Technical / Professional Skills Please provide at least 3 • Advanced Risk Management: Expertise in risk assessment methodologies and frameworks (e.g., PCIDSS, OWASP, NIST, ISO/IEC 27001, CIS Controls, SOC 2).
Posted 3 months ago
5 - 8 years
13 - 20 Lacs
Bengaluru
Hybrid
Job Title: Third-Party Control Assurance Analyst Corporate Title: AS Location: Bangalore, India Role description: The Third-Party Control Assurance Analyst is responsible for supporting the Bank with the execution of the control assurance process for the relevant third-party vendors in line with the defined policy, process and guidelines. The analyst will be coordinating with relevant internal and external stakeholders to assess and verify third-party vendor control effectiveness to meet the organization's control requirements. The role is essential for monitoring third-party risks and enabling risk mitigation to protect the organization. What we’ll offer you As part of our flexible scheme, here are just some of the benefits that you’ll enjoy: Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities: Conduct outreach to relevant internal stakeholders and third-party vendors to initiate the assurance process and gather responses to the assurance testing questionnaire including other necessary information. Support Service Owners and Vendor Managers in organizing governance meetings and preparing agenda to ensure continuous third-party vendor risk monitoring. Provide ongoing support to Service Owners and Vendor Managers by participating in governance meetings and answering queries related to Assurance Testing. Perform due diligence on third-party vendors by assessing gathered responses according to the defined internal process and guidelines. Escalate identified gaps to relevant Assessment Teams or 2LoD Risk Type Controllers.
Assign risk scores to the third-party vendors according to the defined scoring matrix. Create and publish Assurance Testing risk assessment reports which outline identified risks, mitigation actions and outcomes. Support with setting up and conducting Assurance Testing training sessions for internal stakeholders such as Service Owners and Vendor Managers. Your Skills & Experience: Professional experience in audit, risk management, compliance or procurement is an advantage. Understanding of third-party risk management framework, processes and best practices. Have a strong appreciation of risks, regulatory requirements and controls generally and in particular in the vendor outsourcing and service delivery environment. Analytical, problem-solving and critical thinking abilities. Ability to diagnose improvement areas across processes, tools and systems. Excellent oral and written communication skills. Relationship building and stakeholder management skill set. How we’ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm
Posted 3 months ago
2 - 5 years
7 - 12 Lacs
Bengaluru
Work from Office
2-5 years of experience in Third-Party Risk Management (TPRM) or vendor risk assessment. Knowledge of risk assessment frameworks such as ISO 27001, NIST, PCI DSS, GDPR, SOC 2
Posted 3 months ago
1 - 6 years
8 - 18 Lacs
Chennai, Bengaluru, Hyderabad
Hybrid
Role-TPRM Location- Hyderabad, Chennai, Bangalore OVERVIEW KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. 
Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa, etc. Strong auditing skills are desired; experience in IT Compliance, ITGC testing, and Assurance is a plus. Strong problem solving and logical approach skills. Excellent written and verbal communication skills. Consistent display of technical proficiency. Ability to work well in teams. Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example. CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates. Prior experience in IT Audit, SOC 1, SOC 2. Qualifications: Bachelor's degree in computer science or related field. Excellent communication and team collaboration skills. Selection Process Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills. Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Posted 3 months ago
2 - 4 years
4 - 6 Lacs
Bengaluru
Work from Office
Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information. Must Have Data Engineer with 2-4 years of experience in handling compliance data. Candidate should have prior ServiceNow knowledge of GRC and TPRM processes. The candidate should have expertise with Tableau integrations as well. Analyzing the requirements and developing them using the best practices suggested by ServiceNow. Debugging the issues as and when needed. Monitoring the vulnerabilities to check the fetched data from integration. Implementation of workflows and flow designers. Creating the scheduled jobs, creation of client and server-side scripts as per the requirements. Analysis, documentation and management of customer requirements according to standardized methods. Coordination of project activities between clients and project teams. Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Technical Lead/ Project Lead Regular reporting & updates Security Intelligence (Practice) Coordination for security reasons External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming technology (automation, tools and systems) to build efficiencies and effectiveness in own function/ Client organization - Expert Process Excellence - Ability to follow the standards and norms to produce consistent results, provide effective control and reduction of risk - Intermediate Functional/Technical - Knowledge of Network Security devices, firewalls, end points, SIEM, application security, IPS/IDS, VA / PT skills - N/A Competency Levels Foundation Knowledgeable about the competency requirements.
Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Collaborative Working Execution Excellence Problem Solving & Analytical Skills Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (95%), response time and resolution time TAT
Posted 3 months ago
7 - 12 years
20 - 30 Lacs
Chennai
Work from Office
Job Responsibilities: 6-8 Years of experience in Performing Vendor Risk Assessment, Review Questionnaire Response from Vendor, Report Creations using One Trust TPRM, Coordinate with Vendor and Business Stakeholders, Understanding of Global Security and Compliance Standard NIST, ISO, SOC1/2, GDPR, Hi-Trust, HIPAA, SOX
Posted 3 months ago
5 - 10 years
11 - 18 Lacs
Hyderabad
Hybrid
CISO Analyst/Support Agent (GCC) As a CISO Analyst/Support Agent you are responsible for helping set up and maintain the Third Party Cyber Risk Management (TPCRM) and Client Information Security, Tendering, Onboarding & Support (CISTOS) services. You are supporting the wider IS GRC team with related requests, in an effort to improve the Randstad security posture. In this role you are the First Point of Contact (FPoC) for day-to-day activities in the TPCRM process, as well as for client inquiries around Randstad's security posture. You will be performing administrative tasks (e.g. responding to emails and inquiries, creating dashboards and reports, working on documentation etc.), as well as operational ones (e.g. reviewing related inquiries). Your main collaborators are the TPRM, DP and Legal functions, as well as the client-facing side of Randstad (e.g. Randstad Sourceright, local markets). Your responsibilities - CISTOS Analyst/Support Agent Process: Support with the creation of the information security knowledge database: collect, populate and update questionnaire foundation; Be the first point of contact for client requests and inquiries (general questions, intake forms, information requests); Act as a liaison with the Randstad GRC team (Yannis) for level 2 support (e.g.
for elaborate client requests and anything outside Business as Usual (BAU) requests); Escalate unresolved/high criticality issues to the Randstad GRC team (GRC team, or supporting market lead); Maintain information materials; Support with client audits (onsite & on-screen sessions) - no physical attendance/travel required; Play an active role in further improving the CISTOS service by being an engaged and critically-thinking stakeholder; OPTIONAL - Support with the setup/integration of Confluence and Connect for the Client Information Security Tendering, Onboarding and Support (CISTOS) service Reports: Maintain a thorough risk register and create dashboards and reports to capture various client requests Populate the register & tracker for continuous monitoring of CISTOS service and SLA adherence Create & maintain monthly reports on request status, volume of inquiries etc. Your responsibilities - TPCRM Analyst/Support Agent Process: Approve, within the given mandate, all tier 2-4 Vendor assessments. Advise Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO. Launch relevant Vendor assessments (internal and external). Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings With whom you will be working? This role is positioned under the Global CISO Office, in which teams with different areas of expertise work on a safer Randstad. For example, the GRC team, Operations & Intelligence, Data Security, Application security and Security Engineering are part of the CISO Office. The goal of the CISO Office is to guard and constantly improve our security posture worldwide to protect Randstad against cyber threats from inside and outside.
We work very closely together with our colleagues in the Global Data Protection team. About you We are looking for an experienced, enthusiastic hands-on professional who acts proactively to ensure that everything runs smoothly. You have an affinity with privacy, security, procurement, supplier management and process optimization and you monitor the quality and effectiveness of the CISTOS process. You have excellent communication skills, produce tasks and work with a structured process, are a real team player, but also perfectly capable of working independently to operate. We are looking for someone with the following qualities: Higher education (bachelor at minimum) on information security or relevant field Knowledge of GDPR/privacy legislation Affinity with privacy & security: advanced knowledge of information security and privacy Pragmatic, client and solution-oriented Organizational awareness Proactive, assertive and able to work independently Social / communicative skills, easily establishes contact with various people on different levels Analytical - pays close attention to detail Fluent English, verbal and written It is an advantage if you have knowledge of the OneTrust application and/or ServiceNow, as well as the Google suite (Sheets, Docs, Slides), PowerBI and Jira/Confluence
Posted 3 months ago
7 - 12 years
15 - 22 Lacs
Bengaluru
Hybrid
Job Title: IVMO Divisional Intra Group Sourcing Risk Analyst Corporate Title: AVP Location: Bangalore, India Role Description DB Vendor Management (VM) are responsible for maintaining a bank wide end-to-end VM framework. The Infrastructure Vendor Management Office (IVMO) is responsible for implementing key elements of the framework, therefore ensuring the most efficient and effective execution of any sourcing event in full compliance with the group's policies and standards. The IVMO partners with the business functions to maintain a full understanding of business priorities and requirements to lead to the best sourcing outcomes across the Bank. The IVMO manages the divisional contract and Vendor legal governance and contributes to the required group wide transparency on our key vendor partners to drive informed management decisions. The IVMO Divisional Vendor Risk Manager is responsible and acts as the interface between the Infra division, IVMO Vendor Management, divisional control officer, global procurement and 2LoD risk type controllers to ensure the most efficient and effective way of delivering intra-group outsourcing profile risk transparency and driving of divisional residual risks mitigation. The IVMO divisional Intra Group Risk manager is also responsible for ensuring business function adherence to bank wide policies and processes. What we'll offer you As part of our flexible scheme, here are just some of the benefits that you'll enjoy. Best in class leave policy. Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs.
and above Your Key Responsibilities: Implement divisional intra group sourcing governance framework and process across Infra Divisions. Ensure appropriate intra group sourcing agreements are set up, updated and governed and the appropriate risk assessment processes are completed. Maintains strong network and partnerships within the respective Infra division, Global Procurement, Divisional Control Officers and 2LoD risk Type Controllers Drive implementation of remediation projects in support of regulatory/DB policy adoption into business divisions Partner with IVMO Vendor Management function to establish intra group risk profiles and measurements to Key Risk Indicators Your Skills & Experience: Significant Risk Domain and business management experience Solid understanding of policies and regulatory requirements on outsourcing based on industry standards Relationship building and stakeholder management skill set Experience in change execution Experience of Finance/Cost allocations etc is valued Business case and benefits management Ability to diagnose improvement areas across processes, tools and systems Fully conversant with Vendor Service Delivery metrics (SLA/KPIs/KRIs)
Posted 3 months ago
1 - 5 years
5 - 9 Lacs
Chennai, Mumbai
Work from Office
Conduct comprehensive risk assessments of third-party vendors, including evaluating their information security practices, operational capabilities, and compliance with legal and regulatory requirements. Perform due diligence on prospective and existing vendors, ensuring they meet the organization's standards for security, privacy, and business continuity. Continuously monitor third-party risk exposure and create regular reports on the risk status of vendors. Identify and escalate potential issues to management. Review and manage vendor contracts, ensuring that appropriate risk management clauses and service-level agreements (SLAs) are in place. Collaborate with internal stakeholders and vendors to develop and implement risk mitigation strategies. Recommend corrective actions or improvement plans for third-party vendors with identified risks. Assist in the development and maintenance of third-party risk management policies, procedures, and frameworks in alignment with industry best practices and regulatory requirements. Work closely with internal teams (e.g., Legal, Procurement, Compliance, IT Security) to ensure a unified approach to third-party risk management. Ensure compliance with relevant regulations, standards, and guidelines (e.g., GDPR, ISO 27001, NIST, PCI-DSS) related to third-party risk management. Conduct periodic vendor audits to verify compliance with contractual obligations and organizational policies. Assist in the investigation and resolution of third-party risk incidents, including data breaches or service disruptions.
Posted 3 months ago