EY - Manager - Third Party Risk Management - Information Security

Advisory - Risk - RT - TPRM Sub-Competency - Manager

Roles and Responsibilities :

- Performing third party risks assessment on behalf of our clients over the outsourced processes

- Needs to have worked on TPRM/ VRM or Third party Risk management.

- Experience in handling key activities of audit life cycle: scoping, planning, fieldwork execution, reporting, QA and issues tracking

- Assessing findings and articulating the risks in the context of a client's risk management framework and recommend areas of improvement

- Exposure to Information Security Management Systems (ISMS) framework

- Reporting and communicating risks to all stakeholders including senior management

- Testing of controls, identification of deficiencies.

- Risk assessment: exposure and hands on experience on risk assessment methodologies, create risk registers, risk treatment and mitigation activities

- Managing client relationships, handling escalations and reviewing work of subordinates

- Managing the team and owning project deliverables

Experience and skills :

- Strong communication and interpersonal skills

- Clear and concise documentation skills

- Should be updated on latest information security risks and vulnerabilities

- Clear understanding of IT control domains listed in ISO 27001.

- Experience IT Security Standards along with ISO 27001

- Good to have experience in assessing Standard Information Gathering (SIG) framework

- Risk assessment - Exposure and hands on experience with risk assessment methodologies, creating risk registers, risk treatment and mitigation activities

Education : BCA, BSc, BCA, B Tech, MBA, MCA

Certifications : CISA, CISSP, CISM ( any one mandatory)