Specialist, Vendor Risk Manager, Technology and Operations

ConfidentialMumbai, India

5 days ago

Job description

Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Job Description

This role is responsible for establishing, implementing, and maintaining a robust third-party risk management program. This role involves overseeing the assessment and continuous monitoring of third-party vendors and partners to identify, evaluate, and mitigate information security, compliance, and operational risks. This role will ensure that third-party relationships adhere to internal policies, industry standards, and regulatory requirements, protecting the organization's assets and reputation.

Key Responsibilities

Program Management :

Develop, implement, and continuously improve the organization's Third-Party Risk Management (TPRM) framework, policies, procedures, and guidelines.

Risk Assessment & Due Diligence :

Perform comprehensive end-to-end and in-depth information security assessments of third parties throughout their lifecycle (onboarding, ongoing, offboarding).

Conduct due diligence reviews of prospective and existing third-party vendors, assessing their security controls, compliance posture, and operational capabilities.

Advise and assess security mitigating controls for Network, Server, Endpoint security, Data protection (PII, Cards), Cloud security (Azure / AWS / GCP / OCI), Encryption, and API security.

Review implementation of standards such as PCI-DSS, PCI-PIN, and PA-DSS as applicable to third parties.

Continuous Monitoring : Establish and manage processes for the periodic assessment and continuous monitoring of third-party and ecosystem partners' security posture and compliance.

Risk Mitigation & Advisory :

Identify potential risks associated with third-party engagements and projects, advise on effective mitigation strategies.

Provide expert guidance on control implementation for the protection of sensitive data and adherence to security-by-design principles.

Reporting & Stakeholder Engagement :

Responsible for audit planning, report review, and reporting on third-party risk posture to senior management and other stakeholders.

Liaise with business units on new third-party requirements, ensuring risk is considered from the outset.

Collaborate with internal teams (e.g., Legal, Procurement, IT, CISO team, Group Security) to ensure a consistent and integrated approach to third-party risk management.

Work with the CISO team on regulatory requirements and submissions pertaining to Digital Payment security for third-party engagements.

Liaise with business and partners on compliance and regulatory assurance related to third parties.

Compliance & Standards :

Ensure third-party engagements comply with relevant laws, regulations, and industry standards.

Review and validate third-party adherence to recognized security frameworks and standards such as ISMS (ISO 27001), SOC (Service Organization Control reports), and NIST CSF.

Requirements

Strong understanding and practical experience with Third-Party Risk Management (TPRM) principles and best practices.

In-depth knowledge of information security domains, including network, server, endpoint, data protection, cloud security (Azure / AWS / GCP / OCI), encryption, and API security.

Clear understanding of application security assessments, source code review, and VAPT (Vulnerability Assessment and Penetration Testing).

Strong fundamentals of Defense-in-Depth security and SDLC (Software Development Life Cycle) processes.

Excellent understanding of industry standards and frameworks such as PCI-DSS, PCI-PIN, PA-DSS, ISMS (ISO 27001), SOC, and NIST CSF.

Proven ability to conduct security assessments and interpret security reports.

Strong analytical, problem-solving, and communication skills to effectively engage with internal and external stakeholders.

Experience with audit planning and reporting.

Ability to work independently and manage multiple third-party relationships concurrently.

Skills Required

Cloud Security, Soc, Information Security, Data Protection, Endpoint Security, Encryption, Isms, Iso 27001, Gcp, oci, API Security, Azure, Aws

Create a job alert for this search

Vendor Manager • Mumbai, India

Related jobs

Promoted

Natobotics - Vice President - Principal Risk & Control Specialist - Investment Banking Sector

NatoboticsMumbai, India

Position : Vice President Principal Risk & Control Specialist Experience : Minimum 12 Years Work Level : ...Show moreLast updated: 30+ days ago

Promoted

Risk Lead – Proprietary Trading

Nuvama GroupMumbai, Maharashtra, India

Risk Lead – Proprietary Trading.Listed derivatives (index & single-stock options), OTC exotics / structured products, Equity and Debt. The role is for a desk that is being setup.Candidate will be key ...Show moreLast updated: 1 day ago

Promoted

Tech Risk Strategic Initiatives Lead, VP

ConfidentialMumbai, India

Tech Risk Strategic Initiatives Lead , VP.The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office.CB and IB front-to-back ...Show moreLast updated: 5 days ago

Promoted

Operational Risk Team Lead and Third Party Resilience, U.S. Banks, Vice President, Wealth Management

ConfidentialMumbai, India

Morgan Stanley is a global financial services firm that conducts its business through three principal business segments—Institutional Securities, Wealth Management, and Asset Management.The Third-P...Show moreLast updated: 5 days ago

Promoted

Assistant Vice President,Specialist Risk Technology, Technology and Operations

ConfidentialMumbai, India

Promoted
New!

Threat Analysis and Risk Assessment (TARA) Specialist of R&D Product Cybersecurity

OLYMPUS MEDICAL SYSTEMS INDIA PRIVATE LIMITEDmumbai, India

BS, Master or equivalent degree in Computer Engineering, Software Engineering, Cybersecurity or other related fields.Minimum of 5 years of professional experience within Information Technology, Sof...Show moreLast updated: 13 hours ago

Promoted
New!

Senior Manager

PwC Acceleration Center Indianavi mumbai, India

A career in our Cyber Data Tech Risk – Enterprise Tech Solutions practice will provide you with the opportunity to help our clients build trust and confidence in their digital and technology-enable...Show moreLast updated: 13 hours ago

Promoted

Lead- Credentialing Operations

ExperianMumbai, Maharashtra, India

We are seeking a highly analytical and detail-oriented Senior Manager – Credentialing to lead the Third-party due diligence and credentialing process (for Clients, Vendors / Partners / Any Third-Pa...Show moreLast updated: 22 days ago

Promoted

Associate Director - Technology Risk Advisory

JFHRMumbai, India

ROLE SUMMARY : The Associate Director of Technology Risk Advisory will lead and oversee the development and growth of a high-performing Technology R...Show moreLast updated: 30+ days ago

Promoted

Specialist-Operational Risk

Ujjivan Small Finance Bankmumbai, India

POSITION DESCRIPTION JOB TITLE- Specialist-Operational Risk.GRADE SM DEPARTMENT Risk LOCATION HO.REPORTS TO Manager – Operational Risk. Specialist-Operational Risk - Job Description Internal Process...Show moreLast updated: 1 day ago

Promoted

Operational Risk Senior Specialist, AVP

ConfidentialMumbai, India

In Scope of Position based Promotions (INTERNAL only).Job Title : Operational Risk Senior Specialist, AVP.The purpose of the Operational Risk Management (ORM) function is to ensure that the bank's O...Show moreLast updated: 5 days ago

Promoted

Vice President - Algo Trading Risk - Global Risk Management

Zodnik SolutionsMumbai, India

Role Overview We are seeking an experienced Vice President to join our Global Risk - Algo Trading team in Powai.This role provides oversight of Electronic and Algorithmic Tradi...Show moreLast updated: 30+ days ago

Promoted

Business Risk Manager (Technology)

RevolutKalyan-Dombivli, IN

People deserve more from their money.More visibility, more control, and more freedom.Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products — including spending, ...Show moreLast updated: 30+ days ago

Promoted

Assistant Vice President - Vendor Audit / Risk Management

WorkassistMumbai, India

Description : Job Title : Vendor Audit | AVP (Third-Party Risk Management Specialist) Function : BFSI, Investments & Trading / Cyber Security Au...Show moreLast updated: 14 days ago

Promoted

Vendor Risk, WM Risk, Director, Wealth Management

ConfidentialMumbai, India

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve ...Show moreLast updated: 1 day ago

Promoted

Vice President - Risk Steward Oversight

ConfidentialMumbai, India

Some careers open more doors than others.If you're looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you ...Show moreLast updated: 5 days ago

Promoted

Sr Consultant Technology Risk

Pierag Consultingmumbai, maharashtra, in

This is a great opportunity to join our Technology Risk Advisory Team which provides a wide range of technology risk services related to IT Audit, SOX / ICFR, Service Organization Control (SOC) Repor...Show moreLast updated: 1 day ago

Promoted

Assistant Vice President, Vendor Risk Manager, Technology and Operations

ConfidentialMumbai, India