Job Description

Location: Gurugram, India

Date Posted: Jan 19, 2026

Description

About Alvarez & Marsal

Alvarez & Marsal (A&M) is a global consulting firm with over 10,000 entrepreneurial, action and results-oriented professionals in over 40 countries. We take a hands-on approach to solving our clients' problems and assisting them in reaching their potential. Our culture celebrates independent thinkers and doers who positively impact our clients and shape our industry. The collaborative environment and engaging work--guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity - are why our people love working at A&M.

The Team

The GRC Associate will play a critical role in managing and enhancing our third-party risk management program. This position will align to the team responsibilities of assessing, monitoring, and mitigating risks associated with third-party vendors, ensuring compliance with regulatory requirements and internal security policies. This role will be focused on supporting client questionnaires, audit requests, third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk.The successful candidate requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm.

How you will contribute

1. Third Party Risk Management:Identify vendor risks for assessment against A&M risk appetite and submit risks into risk management platform. Maintain oversight of risk treatment and incorporate updates into monthly reports. Produce and deliver comprehensive due diligence/risk assessments of vendors. Contribute to process improvements and development of vendor risk assessment frameworks and questionnaires. Execute vendor assessments within defined SLA's utilizing GRC platforms and tools in line with A&M GRC vendor assessment process. Maintain, monitor and follow through on vendor performance alerts by actively managing remediation and delivering monthly posture reviews. Documentation and monitoring of approved vendor assessment scope and conditional approval statement to retain compliance.

2. Client Security Questionnaires:Manage and complete client security questionnaires and assessments within defined SLA's utilizing platforms in line with A&M GRC client security assessment processes. Collaborate with internal teams (Privacy, Legal, IT) to gather accurate and comprehensive responses. Support and contribute to process improvements and continuous maintenance of question and response database.

3. Contract Reviews:Evaluate security terms in contracts to mitigate risks associated with client and vendor engagements, within defined SLA's. Work with legal, privacy and business teams to ensure that contractual obligations align with the organization's security policies and compliance requirements.

4. Risk Reporting & Communication:Communicate identified risks and remediation strategies to both technical and non-technical stakeholders. Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities.

5. Continuous Improvement: Suggest and implement process improvements, including use of Artificial Intelligence and automation.

Qualifications

Bachelor's degree in Information Security, Risk Management, Business, or related field Industry recognized certification in security (e.g., CRISC (Certified in Risk and Information Systems Control), CTPRP (Certified Third-Party Risk Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) 3-5 years of experience in GRC, third-party risk management, or information security. Experience in conducting vendor risk assessments and audits. Experience in managing and completing client security questionnaires Experience in reviewing and advising on security clauses in legal contracts Familiarity with third-party risk management tools and platforms Knowledge of information security regulatory requirements Good understanding of security frameworks such as ISO 27001, NIST, etc. Excellent analytical, problem-solving, and decision-making skills. Strong communication and interpersonal skills. Ability to translate security risks to business accessible language and format. Ability to work collaboratively with cross-functional teams. Detail-oriented with the ability to prioritize, and manage multiple tasks simultaneously.

Your journey at A&M

We recognize that our people are the driving force behind our success, which is why we prioritize an employee experience that fosters each person's unique professional and personal development. Our robust performance development process promotes continuous learning, rewards your contributions, and fosters a culture of meritocracy. With top-notch training and on-the-job learning opportunities, you can acquire new skills and advance your career. We prioritize your well-being, providing benefits and resources to support you on your personal journey. Our people consistently highlight the growth opportunities, our unique, entrepreneurial culture, and the fun we have together as their favorite aspects of working at A&M. The possibilities are endless for high-performing and passionate professionals.

Inclusive Diversity

-----------------------


A&M's entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work--guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity--are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.

Equal Opportunity Employer

------------------------------


It is Alvarez & Marsal's practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. .

Unsolicited Resumes from Third-Party Recruiters

----------------------------------------------------


Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.