Job Description
Perform initial and periodic risk assessments, and other necessary reviews, to identify, measure and manage third-party information security risks based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices.
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres, vendors, partners).
Perform ongoing monitoring of suppliers and third parties to review compliance against contractual and regulatory requirements.
Provide dedicated support to the information security risk management processes for onboarding and oversight of all new and existing third-party vendor relationships.
Define and document how the implementation of a new system, or of new interfaces between systems, impacts the security posture of the current environment.
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Ensure that plans of action and milestones, or remediation plans, are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Review contracts, project documentation, system design documents, vendor security policies and other vendor security references (e.g., SOC 2 Type 2, SIG, AUP, PCI ROC, BitSight, etc.) to determine the extent, type, and scope of risks of the vendor relationship.
Communicate with business units and cross-functional teams regarding significant third-party information security events and escalate to senior management when applicable.
Coordinate with IT architects, project teams and vendors to bring system designs into alignment with company security standards.
Education Qualification:
Graduation: Bachelor of Science (B.Sc) / Bachelor of Technology (B.Tech) / Bachelor of Computer Applications (BCA).
Post-Graduation: Master of Science (M.Sc) / Master of Technology (M.Tech) / Master of Computer Applications (MCA).
Certifications preferred may include:
ISC2 Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Experience: 5 to 10 years of experience in Risk, Fraud Control
Employment Category:
Employment Type: Full time
Industry: Others
Role Category: Others
Functional Area: Not Applicable
Role/Responsibilities: Information Systems Security Manager
Keyskills:
Risk Management
Information Security
Security Architecture
Risk Assessment
Auditing
Vulnerability Management
Vendor Risk Management
Compliance Processes
Security Reviews