Role Description :
- Experience actively contributing to the establishment and management of a Risk Management program for Third Parties or Supply Chain to detect and mitigate risks, including establishing the capability to monitor, manage and audit risks and associated actions, establishing training & awareness, driving reviews, and supporting internal and external audits.
- The candidate should have experience with or knowledge of the SSAE18, SOC2, HITRUST and PCI DSS industry standards.
- IT & Cyber Security technical knowledge (Intermediate level) is needed.
- Ability to think outside the box and balance security risk vs. solution within the best technical and cost opportunity limits, to meet company standards and regulatory and contractual obligations.
- Ability to work in a team and build strong relationships with the Business and Cross-Platform teams, while always being "on their toes" and ready to support the organization with their best efforts.
- Ability to achieve positive and successful results for Information Security Risk Management activity, apprising the leadership of the specific risks from their vertical through direct interaction and tactical influence over stakeholders.
Responsibilities :
- Drive Information Security Risk Management activity globally for all the third parties or Suppliers of Concentrix
- Maintain and improve the risk management frameworks at Concentrix
- Work with business teams and support teams to drive Risk Assessments for their respective supplier spans
- Deliver training to teams on Risk Management
- Interpret the business contractual requirements (Technology & Information Security) to align the Risk Management program
- Develop documents as required, or guide the team responsible for developing the required documentation
- Support and manage Internal and External risks
- Handle and respond to client audits, reviews and assessments through a time-bound and committed methodology
- Effectively communicate the risks, vulnerabilities, threats and findings of the assessments and reviews to senior management and relevant stakeholders, and coordinate and govern their closure, as required
Experience :
- Experience of Risk Management for security, privacy and Compliance aspects
- Intermediate level technical knowledge of IT Security and Cyber Security for Networks, Applications, Servers, Security Tools
- A solid understanding of Risk Management Program and IT security technologies including network and application security, firewalls, access management, and data protection
- Understanding of risks, threats & vulnerabilities, with a keen interest in correlating them and strategizing remediation and mitigation through a unique, creative approach
- Experience and knowledge of ITES industry
- Knowledge of Data Privacy and Protection principles and their application
- Good hands-on experience with controls testing such as SOC1, SOC2, HITRUST, Supplier Risk Management, etc.
- Working knowledge of Security frameworks and regulations such as NIST, ISO, HITRUST CSF, HIPAA, HITECH, etc.
- Excellent communication skills, both written and verbal
- Good presentation and MS Excel skills
- Detail oriented with excellent analytical and critical thinking capability
- Bonus points for Professional Security and / or Privacy credentials / certifications like CISSP, CISA, CRISC, CISM, HCISPP, CIPP/IT, etc.
- Willingness to travel (both Domestic and International)
Max Salary: 16 LPA