Third Party Risk Management/Vendor risk assessment

Job Title: Third Party Risk Assessment || Third Party Risk Management || Vendor Security Assessment

Mode: Work from office

Work Location: Sector 72, Gurgaon

Shifts: US shifts

Job Summary: We are seeking a highly skilled Vendor Security Assessment Engineer to evaluate and ensure the security posture of third-party vendors, partners, and suppliers. This role involves assessing vendor compliance with security policies, industry standards, and regulatory requirements. The ideal candidate will have a strong background in cybersecurity, risk assessment and vendor management.

Key Responsibilities:

• Conduct security assessments of third-party vendors, identifying risks and recommending mitigations.
• Evaluate vendor compliance with security frameworks such as ISO 27001, NIST, SOC 2, GDPR, and other relevant regulations.
• Review penetration testing reports, cloud configuration reports, and report findings.
• Perform security due diligence and risk analysis for vendor onboarding and ongoing vendor relationships.
• Collaborate with internal teams, including procurement, legal, and IT security, to ensure security requirements are met.
• Develop and maintain security assessment questionnaires and methodologies.
• Monitor vendor security incidents and work with vendors to resolve security gaps.
• Provide recommendations for vendor risk remediation and track progress.
• Maintain documentation of security assessment results and provide regular reports to management.
• Stay up to date with emerging security threats and industry best practices.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3 to 6 years of experience in security risk assessment, vendor risk management.
• Strong understanding of security frameworks and regulatory compliance requirements.
• Ability to analyze security policies, architecture, and controls of third-party vendors.
• Excellent communication and interpersonal skills.
• Relevant security certifications (e.g., CISSP, CISA, CISM, CRISC, or equivalent) are a plus.

Preferred Qualifications

• Experience working in a cloud security environment (AWS, Azure, GCP).
• Familiarity with third-party risk management tools and platforms.
• Knowledge of data privacy laws and secure data handling practices.
• Experience in contract review from a security and compliance perspective.

Interested applicants with relevant experience can forward your CV to [HIDDEN TEXT]

Phone: Kiran - 9347964330 (please call only if you have relevant experience)