Information Technology Risk Manager - Hyderabad, India - ManpowerGroup India
Description
GENERAL INFORMATION
Job Title: ISRM - Third Party Assessor (Contract from ManpowerGroup India)
Reports to: Third Party Information Security & Risk Management Lead
Job location: Hyderabad (work from office/hybrid)
Experience: 4-7 years
ROLE PURPOSE
The Third Party Information Security Assessor will be responsible for conducting assessments of external vendors, suppliers, partners, and service providers to ensure compliance with company policies and industry standards for information security. Your primary responsibility will be to conduct comprehensive security assessments to ensure that third parties meet the organization's information security standards and comply with relevant industry regulations. The role requires knowledge of and experience with information security and privacy regulations and frameworks, such as ISO 27001 and GDPR.
MAJOR ACCOUNTABILITIES
Conduct Security Assessments: Plan, organize, and execute detailed security assessments of third-party vendors and service providers. This includes evaluating their information security policies, procedures, controls, and technical implementations.
Risk Analysis: Identify and assess potential security risks associated with the third-party relationships and the services they provide. Analyze risk factors and communicate findings to stakeholders, providing recommendations for risk mitigation.
Compliance and Regulatory Adherence: Ensure that third-party vendors comply with relevant industry standards, regulations, and contractual requirements related to information security, data privacy, and confidentiality.
Documentation and Reporting: Prepare detailed assessment reports with clear and actionable recommendations for improving third-party security practices. Maintain accurate and comprehensive records of assessment findings, supporting evidence, and remediation plans.
Communicate assessment findings to management and other stakeholders, both orally and in writing.
Interdepartmental Collaboration: Collaborate with internal security teams, legal, compliance, and risk management personnel to align third-party security assessments with the organization's overall risk management strategy.
EDUCATION AND EXPERIENCE
EDUCATION:
University/Advanced degree in Business Administration/Economics/Finance/Statistics
EXPERIENCE:
3-4 years of experience in information security, risk management, or a related field
Previous information technology/security audit/assessment experience preferred.
Bachelor's degree in Information Security, Computer Science, or a related field.
Certifications such as CISA or ISO 27001 Lead Auditor are desirable.
LANGUAGES
Excellent spoken and written English.
COMPETENCY PROFILE
Very good understanding of NIST, ISO 27001, CIS Benchmarks, SDLC, COBIT standards, SOC 2, etc.
Understanding of third-party risk management and assessment methodologies.
Strong analytical and problem-solving skills, with the ability to identify security risks and provide appropriate solutions.
Excellent communication skills, including the ability to explain technical concepts to non-technical stakeholders.
Strong attention to detail and ability to manage multiple assessments simultaneously.
Ability to work independently and collaboratively within cross-functional teams.