
JobNob


Third Party Security Risk Analyst


Voya India


Location

Delhi | India


Job description

Overview

The Third Party Security Risk Analyst is responsible for conducting thorough security assessments of third-party vendors, suppliers, and partners to evaluate their compliance with established security policies, regulations, contracts, and industry best practices.

Role

• Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks.
• Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken.
• Develop and maintain a comprehensive understanding of the organization's third-party risk management framework and standards.
• Ensure assessments within the company are in accordance with known industry frameworks (i.e., ISO, NIST).
• Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes.
• Stay updated with emerging trends, regulatory changes, and industry standards related to third-party risk management, and incorporate them into risk assessment processes and practices.
• Prepare and present reports, summaries, and metrics on third-party security assessments to stakeholders and senior management, highlighting key findings and recommendations.
• Assist in the development and enhancement of third-party due diligence policies, procedures, and frameworks to continually improve the effectiveness and efficiency of risk assessment processes.
• Provide training and guidance to internal teams on third-party security best practices and procedures.
• Provide a culture of risk awareness.

Role Requirements

• Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management.
• Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as ISO 27001, NIST CSF, NIST SP 800-53, and other industry-specific regulations.
• Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating their compliance with policies, procedures, and regulatory requirements.
• Strong analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance.
• Ability to collaborate effectively with cross-functional teams, including legal, compliance, IT, and business units, to gather necessary information and ensure compliance with risk management processes.
• Excellent written and verbal communication skills, with the ability to prepare clear and concise reports, summaries, and documentation related to risk assessments.
• Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks.
• Strong organizational skills to monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken.
• Familiarity with risk management software or tools used for tracking and managing third-party risks may be an advantage.
• Proactive attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management.
• Ability to work independently and as part of a team, with a focus on delivering high-quality results within established deadlines.
• Ability to easily adapt to a rapidly evolving, fast-paced cyber security environment as it relates to changes in strategy.

