Vendor Risk Management and GRC

Support the preparation, coordination, and documentation of compliance audits (e.g., ISO 27001, SOC 2, ISO 27701, etc.) by gathering and managing audit evidence, managing audit trackers, etc. Manage periodic updates of Information security policies in terms of annual updates, maintenance, etc. Assist in the development and delivery of security awareness training materials and campaigns to educate employees on security policies, procedures, and best practices. Research emerging trends, threats, and technologies in information security, GRC, and related areas, and assist in analyzing their potential impact on the organization. Assist in conducting risk assessments and due diligence activities on third-party vendors and suppliers to evaluate their security controls, practices, and compliance with contractual requirements. Aid in identifying and analyzing potential risks associated with third-party relationships, including data security, privacy and compliance risks. Monitor the Vendor Assessment tool continuously and ensure that the vendor and assessment records are appropriate at all times Maintain a track of all vendors due to periodic risk assessments and assist in conducting the periodic assessments Assist in maintaining accurate and up-to-date documentation of third-party risk assessments, findings, and remediation activities, and prepare reports for management and stakeholders as needed. Contribute to the development and enhancement of third-party risk management policies, procedures, and guidelines to ensure alignment with industry best practices and regulatory requirements. Functional Competencies Entry-level understanding of at least 3 of the following areas viz. Regulatory and Compliance requirements; implementation knowledge in risk management, policy development, security controls implementation, incident response, technical proficiency, vendor management, monitoring and reporting, collaboration, and continuous improvement. Fair understanding in Vendor Management, Risk Management, Facilitation, Communication Skills, Collaboration, Due Diligence and Compliance