JobNob

Your Career. Our Passion.

Risk Management Specialist


HGS - Hinduja Global Solutions


Location

Bangalore | India


Job description

At HGS, we are looking for a Third-Party Risk Management Specialist in the Security Organization. The Specialist should set up a TPRM program that builds visibility into the third-party ecosystem, and actively partner with departments across HGS, taking a holistic view of the entire company and reducing risk. The Specialist will support the end-to-end third-party implementation process to ensure HGS’s vendors meet our security needs. This includes pre-contractual third-party security reviews, post-contractual controls and risk assessments to identify the required security controls and the potential risks to remediate so that security is in place on Day 1, and documenting any remaining risks in the security risk register for post-implementation remediation.

Responsibilities

• Conduct thorough security assessments of third-party vendors, suppliers, and partners to evaluate their compliance with established security policies, regulations, contracts, and industry best practices
• Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks
• Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken
• Develop and maintain a comprehensive understanding of the organization's third-party risk management framework and standards
• Ensure assessments within the company are in accordance with known industry frameworks (i.e., ISO, NIST, COBIT, etc.)
• Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes
• Stay updated with emerging trends, regulatory changes, and industry standards related to third-party risk management, and incorporate them into risk assessment processes and practices
• Prepare and present reports, summaries, and metrics on third-party security assessments to stakeholders and senior management, highlighting key findings and recommendations
• Assist in the development and enhancement of third-party due diligence policies, procedures, and frameworks to continually improve the effectiveness and efficiency of risk assessment processes
• Provide training and guidance to internal teams on third-party risk management best practices and procedures
• Promote a culture of risk awareness

Qualification:

• Minimum of 4 years of experience in third-party risk management, vendor management, information security, IT auditing, or equivalent experience
• Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management
• Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as ISO 27001, NIST CSF, NIST SP 800-53, GDPR, and other industry-specific regulations
• Preferred certifications: CISA, CISM, CRISC, CIPP
• Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating their compliance with policies, procedures, and regulatory requirements
• Strong analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance
• Ability to collaborate effectively with cross-functional teams, including legal, compliance, IT, and business units, to gather necessary information and ensure compliance with risk management processes
• Excellent written and verbal communication skills, with the ability to prepare clear and concise reports, summaries, and documentation related to risk assessments
• Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks
• Strong organizational skills to monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions are taken
• Familiarity with risk management software or tools used for tracking and managing third-party risks may be an advantage
• Proactive attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management
• Ability to work independently and as part of a team, with a focus on delivering high-quality results within established deadlines
• Ability to easily adapt to a rapidly evolving, fast-paced cyber security environment as it relates to changes in strategy

