Short Description for Internal Candidates
Senior Manager - Vendor Security, Risk Specialist
Vendor Risk Management Processes, Auditing, Assessment
- Preparation and Management of Third-Party risk governance framework
- Ensuring security has been embedded within the RFPs, bids and contracts, based on the organization's security policy and procedure
- Strong ability to devise, drive and implement standard processes and best practices (both from security and risk perspective) for all the suppliers
- Evaluation and / or usage of risk governance tools / applications in management of third-party risk.
- Conducting assessments of third parties against the designed information security framework, considering all applicable legal, statutory and regulatory requirements
- Liaising with third-party relationship management on pre- and post-assessment requirements and ensuring compliance with information requirements.
- Lead the discussions with the senior management and support them in mitigating the available weaknesses within the existing third-party landscape
- Demonstrate report drafting and management skills.
- Implementing customized control framework meeting the requirements of the third-party landscape.
- Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are reviewed periodically.
- Act as a subject matter expert to assist the business in identifying and mitigating risks on their vendor relationships.
- Review and establish secure processes and systems at vendor's end for integration
Measures of Success (Define the Outcomes expected of the role)
- Successful development and contribution to the vendor risk security programme
- Promote commitment, trust and engagement between them and their workforce
- Manage internal stakeholders to achieve high level performance whilst ensuring their personal wellbeing.
- Increase in maturity of vendor risk Programs (Adoption & Capabilities).
- Delivery of project plans, milestone updates, presentations, assessment reports and communications to senior management and other relevant stakeholders.
Skills Sets Required:
- Knowledge in multiple information security technologies and their strengths and shortcomings.
- Proven experience with securing information for various technical solutions.
- Monitor marketplace trends and experiences on security, audit and control issues.
- Knowledge of common assessment control techniques.
- Knowledge of analytic techniques and methods.
- Understand security controls from a people, process and technology perspective.
- Understanding of security architectural principles and standards.
- Experience in system security, network security and information security, covering areas of ISMS Management / PCI DSS, Technology risk and compliance, BCP & DR planning, Implementation and compliance, IT and IS audits, BCP audits, Security operations assessment and Cloud security.
- Should be familiar with standard security processes and guidelines.
- Should be familiar with PCI and PA DSS
- Ability to interact and work with various senior stakeholders. Manage congruent relationships among different teams.
- Excellent written & verbal communication & presentation skills.
- PCI DSS, PA DSS, ISO27001 & audit experience. Strong ability to devise, drive and implement standard processes and best practices (both from security and risk perspective) for all the suppliers.
- Ability to lead, collaborate, challenge and influence peers. Passion for project based execution and process improvement.
- Excellent Documentation, Communication, presentation, interpersonal and leadership Skills
Must have Qualifications:
- A Bachelor's Degree or advanced course in Computer Science or Information Security related areas
- Post-Graduation (Preferred)
- MBA or Masters in related field
- Industry-standard certifications such as CISA, CISM, ISO27001 LA, CEH, CCNA, CISSP, MCP etc. as preferred.
- Experience managing service providers/supplier relationships (Required)
- Should have strong knowledge of risk assessment frameworks such as NIST CSF & 800-53, ISO27001, SOC, PCI, GDPR, etc.
- Overall experience in role: 6+ years overall in information security, IT auditing & IT / vendor risk management processes.
- Relevant experience with respect to the role (please specify field and years): BFSI, NBFC
- Preferred Industry (If any)