Coditing®
Website: coditing.com
Job details:
Job Title: GRC Consultant (L2) – Third Party Risk Management & Information Security Audits
📍 Location: Navi Mumbai
💼 Experience: 3–6 Years
🏢 Industry: Banking / Financial Services
Job Overview
We are looking for a GRC Consultant (L2) with hands-on experience in Third Party Risk Management (TPRM) and Information Security Audits. The candidate will be responsible for assessing third-party vendors, performing security and compliance audits, and ensuring vendors meet the organization’s information security and regulatory requirements.
The ideal candidate should have experience working in the Banking or Financial Services domain and must have conducted onsite vendor risk assessments/audits as part of third-party risk management programs.
Key Responsibilities
- Conduct Third Party Risk Assessments (TPRM) for vendors, suppliers, and service providers.
- Perform onsite vendor security assessments and audits to evaluate information security controls.
- Review vendor compliance with organizational security policies, regulatory requirements, and industry standards.
- Evaluate vendor documentation including security policies, SOC reports, certifications, and control evidence.
- Identify security risks in third-party engagements and recommend risk mitigation strategies.
- Work with internal stakeholders to ensure vendors comply with information security, privacy, and compliance requirements.
- Track and follow up on remediation actions and risk treatment plans.
- Support internal and external audits related to third-party risk and compliance.
- Maintain vendor risk assessment records and documentation for audit and regulatory purposes.
Required Skills & Experience
- 3–6 years of experience in GRC, Information Security, or Risk Management.
- Hands-on experience in Third Party Risk Management (TPRM) programs.
- Experience in conducting onsite vendor security audits/assessments.
- Prior experience in the Banking / Financial Services industry.
- Strong understanding of information security frameworks and standards (ISO 27001, NIST, PCI DSS, etc.).
- Experience reviewing SOC 1 / SOC 2 reports, security questionnaires, and vendor security documentation.
- Knowledge of risk assessment methodologies and compliance requirements.
- Excellent stakeholder communication and reporting skills.
Preferred Qualifications
- Certifications such as CISA, CISM, CRISC, ISO 27001 LA/LI, or CISSP.
- Experience working with regulatory requirements in the financial services sector.
- Familiarity with vendor risk management platforms/tools.