Job Purpose:
Responsible for:
- Third-party information security risk assessments
- Third-party onsite audits and management of the audit lifecycle
- Cyber risk assessments
- Third-party security incident management
- Vendor coordination
- Dashboarding and governance
Job Responsibilities
- Manage the information security audit lifecycle.
- Perform onsite information security audits of vendors.
- Coordinate with the bank-appointed CERT-In auditor and the third parties/vendors throughout the audit lifecycle.
- Perform information security risk assessments.
- Own and manage the third-party information security risk management program, covering onsite/virtual third-party assessments and related governance actions, information security clauses in agreements (including deviations), and refinement of the associated KRIs and their thresholds/ranges.
- Convene stakeholder meetings as required; review and manage the various vendor access scenarios.
- Conduct awareness sessions and send security awareness advisories to third parties as applicable.
- Serve as security liaison between the business, third parties and internal teams.
- Engage with internal risk functions, IT Audit and other functions.
- Take part in discussions with third parties to understand the root cause analysis (RCA) of any breach, attack or incident, and suggest corrective actions to prevent recurrence.
- Support and submit artefacts for the governance and compliance requirements of the third-party information security risk management function.
- Perform information security checks for onboarding of third parties based on the established process and access scenarios.
Dashboard and Governance
- Track and remediate audit/assessment findings.
- Prepare dashboards projecting actual vs. planned status in all areas of the portfolio and present them to management.
- Project future maturity and provide yearly guidance on assessment activities.
Educational
- Graduation: BE, BTech, BSc, BCA
- Post-Graduation: MTech, MBA, MCA
- Certifications: CISA, CISSP, CRISC, ISO 27001, PCI, etc. would be preferred.
Key Skills
- 12 years' experience in the field of information security and technology.
- Good knowledge of cloud security, infrastructure security and application security, sufficient to perform information security audits and assessments.
- Prior work experience in performing information security audits and assessments.
- GRC experience with knowledge and understanding of ISO 27001, NIST, PCI DSS and other frameworks.
- Strong skills in the Microsoft Office suite (Word, Excel, PowerPoint).
- Good written and spoken communication skills.
- Good analytical and problem-solving skills.
- Dedication to working towards goals defined in line with department and organization goals, and completing tasks and goals within the defined timelines.
Experience Required
Minimum experience: 12 years
Keywords: risk manager, TPRM, vendor risk, risk management, ITGC, cyber risk assessment, vendor incident management, risk assessments