| REQUIREMENT TEMPLATE – Third-party Information Security Risk and Compliance Analyst |
|
| No. of positions |
1 |
|
| Prepared by |
|
|
| Account Name |
Proximus – GCC – Bangalore |
|
| Service Line |
|
|
| Must have skills - 2 skills which are non-negotiable |
- Conduct comprehensive audits of third-party information security policies, procedures, and controls.
- Participate in contract negotiations concerning the third-party information security annex.
- Lead online and in-person meetings with third parties.
- Analyse submitted security questionnaires and documentation to identify and assess potential vulnerabilities and risks. Raise issues promptly and provide mitigation options based on security issues identified.
- Prepare detailed risk assessment reports for senior leadership, providing insights and recommendations for third-party risk reduction.
- Contribute to the continuous improvement of the team's processes based on experience in third-party risk assessment, industry best practices, and internal policies and frameworks.
- Produce clear and structured documentation of processes, meetings, and other relevant activities.
- Initiate and lead improvement projects aimed at enhancing the efficiency and effectiveness of the Vendor Risk Management team.
- Collaborate with other sections within the company to ensure alignment of processes.
- Stay up-to-date with emerging technologies, threats, vulnerabilities, and industry best practices.
- Proficiency in risk management, cybersecurity control frameworks and standards (e.g. NIST RMF, ISO 27001, ISO 28000, CyFun, CCM)
-
|
|
| Desirable skills - 1 skill which is nice to have |
- 2+ years' experience in third/party risk management, information security risk management, compliance, or a background in cybersecurity.
- Familiarity with information security processes, including risk assessment, vulnerability management, and incident response.
- Understanding of regulatory requirements (e.g. GDPR, NIS2, DORA)
- Proficiency in risk management, cybersecurity control frameworks and standards (e.g. NIST RMF, ISO 27001, ISO 28000, CyFun, CCM)
- Relevant certifications such as CISA, CISSP, CISM, ISO/IEC 27001Lead Implementer/Auditor, ISO/IEC 28000 Lead Implementer/Auditor, Security+.
- Advanced knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) to create professional documentation, presentations, dashboards, prepare statistics calculations, and optimize workflows.
- Knowledge of emerging technologies and their associated risks, especially in AI and cloud computing.
- Experience of using a Governance, Risk, and Compliance (GRC) tool.
|
|
| Infosys role |
|
|
| Desired experience range |
5-7 Years |
|
| Location(s) where this position can work out of |
Proximus – GCC -BLR |
|
| Does this position require working from client office all or some days in the week? If yes pls provide details |
Yes. Proximus-GCC-BLR |
|
| Is remote working allowed |
|
|
| Any additional things to be checked |
|
|
Responsibilities and JD in brief along with additional criteria to be considered (if any):
- Conduct comprehensive audits of third-party information security policies, procedures, and controls.
- Participate in contract negotiations concerning the third-party information security annex.
- Lead online and in-person meetings with third parties.
- Analyse submitted security questionnaires and documentation to identify and assess potential vulnerabilities and risks. Raise issues promptly and provide mitigation options based on security issues identified.
- Prepare detailed risk assessment reports for senior leadership, providing insights and recommendations for third-party risk reduction.
- Contribute to the continuous improvement of the team's processes based on experience in third-party risk assessment, industry best practices, and internal policies and frameworks.
- Produce clear and structured documentation of processes, meetings, and other relevant activities.
- Initiate and lead improvement projects aimed at enhancing the efficiency and effectiveness of the Vendor Risk Management team.
- Collaborate with other sections within the company to ensure alignment of processes.
- Stay up-to-date with emerging technologies, threats, vulnerabilities, and industry best practices.
- 2+ years' experience in third/party risk management, information security risk management, compliance, or a background in cybersecurity.
- Familiarity with information security processes, including risk assessment, vulnerability management, and incident response.
- Understanding of regulatory requirements (e.g. GDPR, NIS2, DORA)
- Proficiency in risk management, cybersecurity control frameworks and standards (e.g. NIST RMF, ISO 27001, ISO 28000, CyFun, CCM)
- Excellent analytical and problem-solving skills, with the ability to interpret complex risk data and make informed decisions.
- Attention to detail.
- Strong written and verbal communication skills in English, capability to articulate complex risk concepts to technical and non-technical audiences.
- Capable of conducting professional business communications and effectively handling information security aspects of contract negotiations.
- Experience in aligning team processes with broader organizational goals.
- Proven ability to initiate and drive projects.
- A collaborative mindset and a positive attitude towards working with a diverse team.
- Relevant certifications such as CISA, CISSP, CISM, ISO/IEC 27001Lead Implementer/Auditor, ISO/IEC 28000 Lead Implementer/Auditor, Security+.
- Advanced knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) to create professional documentation, presentations, dashboards, prepare statistics calculations, and optimize workflows.
- Knowledge of emerging technologies and their associated risks, especially in AI and cloud computing.
- Experience of using a Governance, Risk, and Compliance (GRC) tool.
- Proficiency in English.
- Experience in the telecommunication domain.
|
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
