Security Risk Manager

BIG IT JOBS, Ahmedabad
30+ days ago
Job description

About Company :

The company, publicly traded on the NYSE, reports annual revenues of approximately $450 million and holds a market capitalization near $3.5 billion. As a member of the S&P 600 Cosmetics Index since 2004, it has steadily expanded its brand portfolio. Today, it offers a diverse range of cosmetics, including Well People, a clean beauty label, and Keys Soulcare, a lifestyle beauty brand developed in collaboration with Alicia Keys. Its products are widely available online and at major U.S. retailers, with a steadily growing international presence.

Position Summary :

We are seeking a highly skilled and proactive Security Risk Manager to join our growing security team. You will be responsible for assessing, monitoring, and mitigating information security risks associated with third-party vendors and service providers. This role ensures vendor relationships comply with organizational security policies, industry regulations, and best practices to protect sensitive data and systems.

Key Responsibilities :

  • Conduct comprehensive security risk assessments internally and of third-party vendors, including cloud providers, SaaS vendors, and IT service providers.
  • Evaluate internal and third-party security controls, policies, and compliance with frameworks such as NIST, ISO 27001, SOC 2, GDPR, HIPAA, and PCI-DSS.
  • Perform due diligence reviews, including security questionnaires, audits, and contract reviews.
  • Identify, document, and prioritize risks related to vendor access, data handling, and system integrations.
  • Work with procurement and legal teams to ensure security requirements are included in vendor contracts and SLAs.
  • Prepare risk reports for senior leadership, highlighting key vendor risks and mitigation strategies.
  • Communicate security expectations to vendors and internal stakeholders.
  • Maintain a centralized vendor risk repository with up-to-date documentation.
  • Stay updated on emerging threats, regulatory changes, and industry best practices.
  • Enhance vendor risk assessment processes and tools for efficiency and effectiveness.
  • Cross-train team members on risk management principles.
  • Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.

Required Qualifications :

  • Bachelor's degree in Information Security, Cybersecurity, Risk Management, or related field.
  • 5+ years of experience in IT risk management, vendor risk assessment, or third-party security evaluations.
  • Strong knowledge of security frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.).
  • Experience with vendor risk assessment tools.
  • Strong GRC (Governance, Risk, and Compliance) platform knowledge.
  • Familiarity with cloud security, data privacy laws, and contractual security clauses.
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Preferred Qualifications :

  • Industry certifications such as CISA, CRISC, CTPRP.
  • Experience in regulated industries (finance, healthcare, government).
  • Knowledge of supply chain security risks and zero-trust architecture principles.
  • Experience with contract reviews to ensure security clauses (data protection, breach notification, audit rights) are included.
  • Knowledge of continuous monitoring strategies for vendors.

(ref : hirist.tech)
