Third-Party Risk Management

Position : . Manager – Information Security (Third-Party Risk Management)

Experience : 15–20 Years

Work Mode : Remote

Educational Qualifications / Certifications

Bachelor’s degree in Computer Science, Engineering, or a related field (or equivalent work experience).

Professional certifications preferred : CISA, CRISC, CISM, or CISSP (one or more).

Strong verbal and written communication skills.

Excellent organizational skills with a self-motivated learning mindset.

Proven hands-on experience in building and implementing Information Security Third-Party Risk Management programs.

Roles and Responsibilities

Enhance and mature the Information Security Third-Party Risk Management (TPRM) framework, including developing and defining risk appetite.

Develop and implement effective strategies to manage and mitigate risks associated with high-risk suppliers.

Oversee and perform security risk assessments , business impact analyses , and security control evaluations across third-party vendors using OneTrust .

Maintain a comprehensive risk register within OneTrust to track and monitor identified risks.

Provide oversight for supply chain security assessment remediation , and facilitate the creation of CUECs to define shared responsibility models.

Review and advise on client MSA security terms and conditions , partnering with the legal team.

Ensure compliance with firm-wide information security policies and regulatory requirements .

Collaborate with stakeholders across lines of defense to review and refine assessment results.

Establish and maintain robust risk reporting and escalation processes .

Stay updated on emerging threats , best practices, and relevant security legislation.

Partner effectively with internal and external stakeholders to address security concerns impacting the business.

Contribute to developing scalable tools and models that enhance decision-making efficiency and accuracy.

Gather feedback from stakeholders to improve and evangelize the third-party risk management program.

Prepare concise and meaningful risk assessment reports and dashboards for leadership.

Lead the creation and presentation of deep-dive reports and responses for senior executives .

Key Skills

Third-Party Risk Management (TPRM)

Information Security Governance

OneTrust Platform

Vendor Risk Assessment

Regulatory Compliance & Policy Enforcement

Risk Reporting & Mitigation

Strong Stakeholder Management

Apply on Varalakshmi.Y@livecjobs.com

7995831110