
Information Security Risk Manager - Third Party/Vendor Information
HDFC BANK
Job Description
Job Purpose: Responsible for
1. Third party information security risk assessments
2. Third party onsite audit
3. Cyber risk assessment
4. Third party security incident management
5. Vendor co-ordination
6. Dashboarding and Governance
Job Responsibilities (JR): Actionable

JR: Cyber risk assessment; Third party information security risk assessments; Governance of third party onsite audit; Third party / vendor incident management; Third party security awareness
Actionable:
· Perform cyber security and information security risk assessments. Proficient in cloud assessment.
· Own and manage the third-party information security risk management program, covering onsite / virtual third-party assessment and related governance actions, information security clauses in agreements (including deviations), and refinement of the associated KRIs and their thresholds/ranges.
· Manage information security audits performed by the CERT-In empanelled third-party auditors.
· Co-ordinate with the bank-appointed CERT-In auditor and the third parties/vendors throughout the audit lifecycle on the effectiveness of controls.
· Spearhead third party incident management with the third party and bank teams. Take part in discussions with third parties to understand the RCA and suggest corrective actions for any breach, attack or incident to prevent recurrence.
· Convene stakeholder meetings as required; review and manage the various vendor access scenarios.
· Conduct awareness sessions and send advisories related to security awareness to third parties as applicable.
· Serve as security liaison between business, third parties and the internal team.
· Engage with internal risk functions, IT, Audit and other functions.
· Support and submit artefacts for the governance and compliance requirements of the third-party information security risk management function.
· Perform information security checks for onboarding of third parties based on the established process and access scenarios.

JR: Dashboard and Governance
Actionable:
· Track and remediate audit / assessment findings.
· Prepare dashboards projecting actual vs planned in all areas of the portfolio and present them to management.
· Project the future maturity and yearly guidance of assessment activities.
Educational Key Skills
· Graduation: BE, BTECH, BSc, BCA
· Post-Graduation: M.TECH, MBA, MCA
· Certifications: CISA, CISSP, CCSP, CRISC; ISO 27001, PCI etc. would be preferred.
· 12 – 15 years’ experience in the field of information security and technology.
· Good knowledge of cloud security, infrastructure security and application security, sufficient to perform information security audits and assessments.
· Prior work experience in performing information security audits and assessments.
· GRC experience with knowledge and understanding of ISO 27001, NIST, PCI DSS and other frameworks.
· Strong skills using Microsoft Office Suite (Word, Excel, PowerPoint).
· Good written and spoken communication skills.
· Good analytical and problem-solving skills.
· Dedication to goals in line with department and organization goals, and completion of the defined tasks and goals as per timeline.
Experience Required
· Experience between 12- 15 years
· Cyber / Information security experience – 10 years
Major Stakeholders
· IT, IT and Digital risk team, Internal audit, Operational risk unit, Business and Product teams
· Third party/vendors, Privacy office, IT Governance and risk unit, Risk Intelligence unit
Industries: Banking, Financial Services, Investment Banking
