Role Overview:

As an Information Security Governance, Risk, and Compliance (GRC) Manager with a specialization in Third-Party / Vendor Risk Assessments, your primary responsibility will be to ensure that vendors, service providers, and partners adhere to relevant regulatory, industry, and organizational information security standards.

Key Responsibilities:

• Conduct comprehensive information security risk assessments for third parties, vendors, partners, and service providers.
• Profile inherent risks and evaluate residual risks during vendor onboarding, renewals, and regular assessments.
• Update the Master Vendor Inventory with accurate service details and classifications.
• Review vendor-supplied information, security questionnaires, and supporting evidence.
• Assess inherent security risks based on the nature of services, data sensitivity, system and network access, and regulatory impact.
• Assign inherent risk ratings (High/Medium/Low) to new vendors according to the organization's security risk framework.
• Identify key risk drivers and control gaps during the inherent risk stage.
• Document assessment results and rationale using the designated risk assessment template or system.
• Perform detailed security risk assessments of third parties based on defined profiling criteria in the Security Risk Assessment Framework.
• Coordinate with internal stakeholders and vendor service owners to validate service details, data access, system integration, and service dependencies.
• Identify, escalate, and report any issues, gaps, or support requirements affecting the risk assessment.
• Provide regular updates on assessment progress, risks, and timelines to relevant stakeholders.
• Assist in enhancing the security risk framework for third parties.
• Support business units in updating vendor and service-related information.
• Establish and maintain relationships with internal stakeholders.
• Monitor the closure of open observations based on the defined remediation plan for each assessment.
• Assist in conducting process-related security assessments and recommending corrective actions.

Qualification Required:

• Strong understanding of information security controls, third-party risk frameworks, and regulatory compliance in the BFSI sector.
• Hands-on experience with vendor security assessments, risk rating methodologies, and compliance reporting.

Additional Details: N/A Role Overview:

As an Information Security Governance, Risk, and Compliance (GRC) Manager with a specialization in Third-Party / Vendor Risk Assessments, your primary responsibility will be to ensure that vendors, service providers, and partners adhere to relevant regulatory, industry, and organizational information security standards.

Key Responsibilities:

• Conduct comprehensive information security risk assessments for third parties, vendors, partners, and service providers.
• Profile inherent risks and evaluate residual risks during vendor onboarding, renewals, and regular assessments.
• Update the Master Vendor Inventory with accurate service details and classifications.
• Review vendor-supplied information, security questionnaires, and supporting evidence.
• Assess inherent security risks based on the nature of services, data sensitivity, system and network access, and regulatory impact.
• Assign inherent risk ratings (High/Medium/Low) to new vendors according to the organization's security risk framework.
• Identify key risk drivers and control gaps during the inherent risk stage.
• Document assessment results and rationale using the designated risk assessment template or system.
• Perform detailed security risk assessments of third parties based on defined profiling criteria in the Security Risk Assessment Framework.
• Coordinate with internal stakeholders and vendor service owners to validate service details, data access, system integration, and service dependencies.
• Identify, escalate, and report any issues, gaps, or support requirements affecting the risk assessment.
• Provide regular updates on assessment progress, risks, and timelines to relevant stakeholders.
• Assist in enhancing the security risk framework for third parties.
• Support business units in updating vendor and service-related information.
• Establish and maintain relationships with internal stakeholders.
• Monitor the closure of open observations based on the defined remediation plan for each assessment.
• Assist in conducting process-related security assessments and recommending corrective actions.

Qualification Required:

• Strong understanding of information security controls, third-party risk frameworks, and regulatory compliance in the BFSI sector.
• Hands-on experience with vendor security assessments, risk rating methodologies, and compliance reporting.

Additional Details: N/A