Information Technology Risk Manager - Hyderabad, India - ManpowerGroup India

    Description

    GENERAL INFORMATION

    Job Title: ISRM - Third Party Assessor (Contract from ManpowerGroup India)

    Reports to: Third Party Information Security & Risk Management Lead

    Job location: Hyderabad (work from office/hybrid)

    Experience: 4-7 years

    ROLE PURPOSE

    The Third Party Information Security Assessor will be responsible for conducting assessments of external vendors, suppliers, partners, and service providers to ensure compliance with company policies and industry standards for information security. Your primary responsibility will be to conduct comprehensive security assessments to ensure that third parties meet the organization's information security standards and comply with relevant industry regulations. The role requires knowledge of and experience with information security and privacy regulations and frameworks, such as ISO 27001 and GDPR.

    MAJOR ACCOUNTABILITIES

    Conduct Security Assessments: Plan, organize, and execute detailed security assessments of third-party vendors and service providers. This includes evaluating their information security policies, procedures, controls, and technical implementations.

    Risk Analysis: Identify and assess potential security risks associated with the third-party relationships and the services they provide. Analyze risk factors and communicate findings to stakeholders, providing recommendations for risk mitigation.

    Compliance and Regulatory Adherence: Ensure that third-party vendors comply with relevant industry standards, regulations, and contractual requirements related to information security, data privacy, and confidentiality.

    Documentation and Reporting: Prepare detailed assessment reports with clear and actionable recommendations for improving third-party security practices. Maintain accurate and comprehensive records of assessment findings, supporting evidence, and remediation plans.

    Communicate assessment findings to management and other stakeholders, both orally and in writing.

    Interdepartmental Collaboration: Collaborate with internal security teams, legal, compliance, and risk management personnel to align third-party security assessments with the organization's overall risk management strategy.

    EDUCATION AND EXPERIENCE

    EDUCATION:

    University/Advanced degree in Business Administration/Economics/Finance/Statistics

    EXPERIENCE:

    3-4 years of experience in information security, risk management, or a related field

    Previous information technology/security audit/assessment experience preferred.

    Bachelor's degree in Information Security, Computer Science, or a related field.

    Certifications such as CISA or ISO 27001 Lead Auditor are desirable.

    LANGUAGES

    Excellent spoken and written English.

    COMPETENCY PROFILE

    Very good understanding of NIST, ISO 27001, CIS Benchmarks, SDLC, COBIT standards, SOC 2, etc.

    Understanding of third-party risk management and assessment methodologies.

    Strong analytical and problem-solving skills, with the ability to identify security risks and provide appropriate solutions.

    Excellent communication skills, including the ability to explain technical concepts to non-technical stakeholders.

    Strong attention to detail and ability to manage multiple assessments simultaneously.

    Ability to work independently and collaboratively within cross-functional teams.