Job Description:
Location: Pune
Skills: TPRM (4+ years in vendor risk assessment)
Experience Required: 6-10 years
Technical/Functional Skills for the Role:
- Access management: privileged access management, segregation of duties, least privilege principle, RBAC, password management, user access management, personal accounts and non-personal (technical) accounts
- Data security: encryption at rest and in transit, key lifecycle management, ciphers
- Secure operations: log monitoring, log protection, log management, endpoint security, patching
- Data leakage prevention: understanding of DLP tools and technologies, structured and unstructured data, environments (Dev, Test, PROD), email security, data classification
- Cyber threat management: threat and vulnerability management, hardening process, external attacks (e.g. DDoS), penetration testing, incident management
- Network security: basic understanding of network security components (firewall, IDS, IPS, WAF), network ports and protocols, network segmentation, etc.
- System acquisition, development and change management: SDLC process for application design, development, deployment and operations, including defined change controls for approval and testing
- Operational resilience: BCP, backup and restore, records management, data retention
- Governance, risk and compliance: policies, procedures, risk management framework, cyber risk management, supply chain risk management
- Assurance reports: SOC 1 and SOC 2 reports, ISO 27001 certificate including the Statement of Applicability, CSA STAR Level 2, etc.
- Asset management: asset inventory, hardware and software lifecycle management
- Data center security
- Physical security
- HR security

Requirements:
- Relevant experience in TPRM at the program/framework level.
- Expertise in third-party risk assessments.
- Expertise in cyber security, including standards such as ISO 27001, PCI DSS, ISO 22301, etc.
- Experienced in reviewing SSAE 18, SOC 2, HITRUST, SIG and CAIQ reports.
- Certifications such as CTPRP, CTPRA, CRVPM, CRISC, CISA and CISSP are good to have.
Roles and Responsibilities:
- Develop and manage a comprehensive third-party risk management framework/program.
- Drive regulatory compliance and remediation programs such as the Digital Operational Resilience Act (DORA).
- Independently manage third-party due diligence, including initial risk assessments and ongoing monitoring.
- Contribute to governance and facilitate remediation recommendations for related risks, deficiencies, gaps or issues; advise on identifying compensating controls where compliance requirements cannot be met.
- Document and present overall residual risk to senior management for approvals and risk acceptances.
- Interact with vendors, the business and multiple stakeholders to assess, explain and remediate the risks identified.
- Perform ongoing monitoring activities such as performance monitoring, contractual compliance, SLA/KPI adherence, negative news monitoring, etc.
- Test the design and operating effectiveness of TPRM controls, identify gaps and recommend improvements.
- Support key reporting activities associated with key functions; perform ad hoc IT risk analysis and reporting.
Comments for Suppliers: