AVP Senior Manager - Third Party Risk Management TPRM with a Large Private Bank

Job Purpose:

Responsible for

• Third party information security risk assessments.
• Third party onsite audit & Management of audit lifecycle
• Cyber risk assessment
• Third party security incident management
• Vendor coordination
• Dashboarding and Governance

Job Responsibilities

• Manage information security audit lifecycle
• Perform onsite information security audit of vendors
• Coordination with the bank appointed CERTIn auditor and the third parties/vendors throughout the audit lifecycle.
• Perform information security risk assessment
• Own and manage the thirdparty information security risk management program covering onsite / virtual thirdparty assessment and related governance actions information security clauses in agreements (including deviations) refine the associated KRI & threshold/ranges.
• Convene stakeholder meetings as required review and manage the various vendor access scenarios.
• Conduct awareness sessions and sending advisories related to security awareness to third parties as applicable.
• Serve as security liaison between business third parties and internal team.
• Engagement with internal risk functions IT Audit and other functions
• Take part in discussion with third parties to understand the RCA and suggesting corrective actions for any breach attack and incidents to prevent recurrence of the events
• Supporting and submission of artefacts for the governance and compliance requirements of thirdparty information security risk management function
• Information security checks for onboarding of third party based on established process and access scenarios.

Dashboard and Governance

• Tracking and remediation of audit /assessment findings
• Prepare dashboards and project the actual vs planned in all areas of the portfolio and presenting to management
• Project the future maturity and yearly guidance of assessments activities

Educational

• Graduation: BE BTECH BSc BCA
• PostGraduation: M.TECH MBA MCA
• Certifications: CISA CISSP CRISC ISO 27001 PCI etc. would be preferred.

Key Skills

• 12 years experience in the field of Information security and technology.
• Good knowledge in cloud security infrastructure security and application security to perform information security audits and assessments
• Prior work experience in performing information security audits and assessments
• GRC experience with knowledge and understanding in ISO 27001 NIST PCI DSS and other frameworks
• Strong skills using Microsoft Office Suite (Word Excel Powerpoint).
• Good written and spoken communication skills.
• Good analytical and problem solving skills
• Dedication to work & goal defined which is in line with department & organization goals and complete the task & goals defined as per timeline.

Experience Required

Minimum experience in years 12 years

risk manager,TPRM,vendor risk,risk management,ITGC,Cyber risk assessment,vendor incident management,risk assessments