Senior Manager Vendor Security Risk Specialist BFSI (5-15 Yrs)

Year    Gurgaon, Haryana, India

Job Description


Short Description for Internal Candidates

Senior Manager - Vendor Security, Risk Specialist



Vendor Risk Management Processes, Auditing, Assessment

- Preparation and Management of Third-Party risk governance framework

- Ensuring security has been embedded within the RFPs, bids and contracts on the basis of the organization's security policy and procedure

- Strong ability to devise, drive and implement standard processes and best practices (both from security and risk perspective) for all the suppliers

- Evaluation and / or usage of risk governance tools / applications in management of third-party risk.

- Conducting assessment of third parties against the designed information security framework considering all applicable legal, statutory and regulatory requirements

- Liaising with the third-party relationship management for pre- and post-assessment related requirements and ensuring compliance information requirements.

- Lead the discussions with the senior management and support them in mitigating the available weaknesses within the existing third-party landscape

- Demonstrate report drafting and management skills.

- Implementing customized control framework meeting the requirements of the third-party landscape.

- Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are reviewed periodically.

- Act as a subject matter expert to assist the business in identifying and mitigating risks on their vendor relationships.

- Review and establish secure processes and systems at vendor's end for integration

Measures of Success (Define the outcomes expected of the role)

- Successful development and contribution to the vendor risk security programme

- Promote commitment, trust and engagement between them and their workforce

- Manage internal stakeholders to achieve high level performance whilst ensuring their personal wellbeing.

- Increase in maturity of vendor risk Programs (Adoption & Capabilities).

- Delivery of project plans, milestone updates, presentations, assessment reports and communications to senior management and other relevant stakeholders.

Skills Sets Required:

- Knowledge in multiple information security technologies and their strengths and shortcomings.

- Proven experience with securing information for various technical solutions.

- Monitor marketplace trends and experiences on security, audit and control issues.

- Knowledge of common assessment control techniques.

- Knowledge of analytic techniques and methods.

- Understand security controls from a people, process and technology perspective.

- Understanding of security architectural principles and standards.

- Experience in system security, network security and information security, covering areas of ISMS Management / PCI DSS, Technology risk and compliance, BCP & DR planning, Implementation and compliance, IT and IS audits, BCP audits, Security operations assessment and Cloud security.

- Should be familiar with standard security processes and guidelines.

- Should be familiar with PCI and PA DSS

- Ability to interact and work with various senior stakeholders. Manage congruent relationships among different teams.

- Excellent written & verbal communication & presentation skills.

- PCI DSS, PA DSS, ISO27001 & audit experience. Strong ability to devise, drive and implement standard processes and best practices (both from security and risk perspective) for all the suppliers.

- Ability to lead, collaborate, challenge and influence peers. Passion for project based execution and process improvement.

- Excellent Documentation, Communication, presentation, interpersonal and leadership Skills

Must have Qualifications:

- A Bachelor's Degree or advanced course in Computer Science or Information Security related areas

- Post-Graduation (Preferred)

- MBA or Masters in related field

- Industry-standard certifications such as CISA, CISM, ISO27001 LA, CEH, CCNA, CISSP, MCP etc. as preferred.

- Experience managing service providers/supplier relationships (Required)

- Should have strong knowledge of risk assessment frameworks such as NIST CSF & 800-53, ISO27001, SOC, PCI, GDPR, etc.

- Overall experience in role: 6+ years overall in information security, IT auditing & IT / vendor risk management processes.

- Relevant experience with respect to the role (Pl specify field and years): BFSI, NBFC

- Preferred Industry (if any)

IIM Jobs


Job Detail

  • Job Id
    JD3006142
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Gurgaon, Haryana, India
  • Education
    Not mentioned
  • Experience
    Year