Assistant Manager - Third Party Risk Management


Guardian Life


Location

Chennai | India


Job Description:

Responsible for performing Information Security Control due diligence related to onboarding and ongoing governance of Third Parties. Assist in ensuring that the company's policies, procedures, and standards are followed to ensure compliance with regulatory guidelines and laws, as well as industry best practices. Provide leadership and counsel to internal business relationship owners as well as vendors in assessing risk controls of third party service providers across the enterprise. Identify and escalate risks associated with third party products and services, confirm adequacy of controls, and facilitate risk remediation discussions and/or acceptance consistent with defined corporate policies. Analysis will include working with the business to define characteristics of each engagement, confirmation of tiering, and communications with business relationship owners and third parties to obtain responses to due diligence questionnaires.

Responsibilities:

  • Performance of information security due diligence assessments for new and existing third parties on an enterprise-wide basis
  • Preparation of detailed and summary reports of assessment, including customized reports, as needed.
  • Work as a Subject Matter Expert (SME) and with other SMEs within the Operational Risk Office, IT, Law, Privacy, Compliance, Sourcing, and Treasury, to develop and apply risk assessment criteria (aligned with corporate Policy).
  • Awareness of the information security, privacy, and regulatory concerns and best practices impacting third party risk.
  • Analyze information security controls to identify potential opportunities to reduce vulnerabilities.
  • Work directly with internal business partners to assist in managing identified risks that could impact processes, applications, and systems associated with third party engagements.
  • Provide subject matter expertise on information security, key technology security controls, automation, and virtualization.
  • Collaborate with IT, cyber, and operational teams to ensure secure infrastructure plans and services are in place for vendor solutions.
  • Identify and measure the risks faced by a business area, process, or workflow based on facts, business environment, and practicality; ensure information security controls and practices are commensurate with risk.
  • Counsel and guide business partners in identifying potential risk mitigation alternatives aligned with risk appetite and tolerance.

Competencies/Skills:

  • Acute attention to detail with a high level of data integrity and accuracy.
  • Experience in complex environments or providing professional consulting services related to information security risk control requirements.
  • Broad knowledge of information security and privacy fundamentals.
  • Demonstrated ability in problem-solving and analysis, issue identification, information discrepancies, root cause analysis, and correlation to potential risks.
  • Proven ability to synthesize and summarize complex data into concise recommendations and reports.
  • Excellent oral and written communication, ability to convey technical and security-related concepts to people at all levels of the organization.
  • Strong organizational and prioritization skills to handle and balance multiple priorities, with ability to adapt to a constantly changing business environment, work independently, and meet deadlines in a fast-paced environment with only periodic supervision.
  • Ability to work collaboratively and to manage and initiate effective cross-functional relationships, maintaining a high level of professionalism, self-motivation, and a strong sense of urgency.
  • Strong computer skills, including MS Office products (e.g. Word, Excel) and Third Party Risk tools (e.g., Archer, Aravo, etc.) to prepare reports, memos, summaries, and analyses.

Knowledge:

  • Ability to conduct thorough information security risk assessments, through application of established criteria.
  • Strong understanding of the principles of risk management, information security, and their relationship to corporate governance activities such as operational risk assessment and organizational impact
  • Knowledge in SSAE 16, SOC 2, Shared Assessments, and other vendor risk assessment methodologies.
  • Clear understanding of industry standards: ISO2700*, COBIT, COSO, as well as regional standards and regulations; Sarbanes Oxley, Basel II, GLBA, HIPAA and resiliency practices.
  • Demonstrated consistent credibility as a subject matter expert with business partners and leadership while recommending initiatives, identifying gaps, and potential issues
  • Possesses and builds on knowledge of operational risks and trends relevant to financial services and insurance, staying abreast of current and pending regulatory and compliance requirements.
  • Strong knowledge of and experience in risk management, information security, and internal controls required, spanning fraud, legal liability, regulatory, privacy, information and cyber security, reputational harm, business resiliency, theft of assets, financial losses, and errors/omissions.
  • Familiarity with key regulatory requirements for data protection and third party risk management (NYDFS Cybersecurity Regulation, NIST, HIPAA, PCI, CCPA, etc.).

Education:

  • BS/BA degree, Advanced Degree preferred or equivalent experience, preferably in Computer Science
  • Industry recognized certifications within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.)

Experience:

  • 10 years of working in an IT computer related field, Operational, and/or Third Party Risk experience required
  • Hands-on technical experience in cloud administration, cybersecurity, and emerging technology is a plus

Location:

This position can be based in any of the following locations:

Chennai

