Talent.com
Governance & Risk and Compliance Analyst

Confidential • Chennai
4 days ago
Job description

Responsibilities :

  • Vendor Risk Assessment: Conduct thorough due diligence on potential third-party vendors to assess their cybersecurity, data privacy, operational capabilities, and compliance with legal and regulatory requirements.
  • Due Diligence: Perform due diligence reviews of vendors, including reviewing security policies, audit reports, and compliance documentation.
  • Documentation and Reporting: Maintain comprehensive documentation of risk assessments, findings, processes, and recommendations.
  • Prepare reports for management and stakeholders on third-party risk status, including critical data breaches, security incidents, and service disruptions.
  • Policy Development: Assist in the development and implementation of third-party risk management policies and procedures in line with industry best practices and regulatory requirements.
  • Training and Awareness: Provide training and support to internal teams on third-party risk management practices and the importance of vendor assessments.
  • Collaboration: Collaborate with various departments, including IT, legal, compliance, and procurement, to ensure a cohesive approach to third-party risk management. Support internal and external audits related to vendor cybersecurity.
  • Security Questionnaire Response: Respond to information security-related questions, RFPs, RFIs, SIG, and inquiries using established information security tools and procedures.

Requirements :

  • Strong knowledge of information security and cybersecurity, including control testing, network security, and infrastructure assessments.
  • Bachelor's degree in Information Technology, Computer Science, or a related / applicable field.
  • 4-5 years of work experience related to risk management, procurement, and third-party risk management.
  • 2+ years of experience in a team management role.
  • Experience in assessing cloud security and application security for third-party vendors.
  • Good knowledge of ISO 27001, ISO 27701, SOC 1, SOC 2, CPRA, GDPR, and PCI DSS.
  • Certified CRiSP / ISO 27001 / ISO 27701 Lead Auditor.
  • Excellent written and verbal communication skills.

Skills Required :

  • Procurement, Information Security, Risk And Compliance, Risk Management, Cybersecurity
