Consultant/Sr. Consultant - Information Security (Third Party Risk Management)
- Experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post-contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures).
- Strong understanding of the TPRM framework, Risk Management, Information Security practices.
- Demonstrate a good understanding of the Contract Risk Review management process.
- Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.).
- Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc.
- Good knowledge of privacy regulations such as GDPR, CCPA, etc.
- Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc.
- Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management.
- Good knowledge of OS (Windows / Linux) security, database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), and security architecture design and review.
- Good familiarity with OWASP and Secure SDLC standards/frameworks, and with anti-virus solutions (e.g., Symantec, McAfee, etc.).
- Good experience in LAN/WAN architectures and reviews.
- Good knowledge of incident management, disaster recovery, business continuity management, and cryptography.
- Good to have prior Big-4 experience.
- Good to have certifications: CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer.