Website:
mycareernet.co
Job details:
Key Skills: ISO 27001, Governance, Risk, and Compliance (GRC), Third-Party Risk Management (TPRM), HIPAA, Risk Management
Roles and Responsibilities:
- Lead the end-to-end third-party cybersecurity risk management lifecycle, including vendor onboarding, risk assessments, renewals, and off-boarding
- Operationalize enterprise TPRM policies, standards, and minimum security requirements across all third-party engagements
- Define and maintain vendor risk tiering, assessment methodologies, and review frequency based on data sensitivity, criticality, and regulatory impact
- Ensure consistent application of risk assessment processes across business units
- Review and validate third-party security assessments, questionnaires, and supporting evidence
- Identify cybersecurity, privacy, and operational risks associated with third-party services
- Drive remediation plans with business owners and vendors for identified gaps and control deficiencies
- Support risk acceptance and exception processes, including documentation and leadership approvals
- Track remediation status, overdue actions, and residual risk
- Partner with Procurement, Legal, Privacy, Compliance, IT, and Business Owners throughout the vendor lifecycle
- Provide advisory input during contract reviews to ensure appropriate cybersecurity and data protection clauses are included
- Act as a trusted advisor to business stakeholders on third-party cyber risk implications and mitigation strategies
- Guide business teams through risk assessment requirements to support onboarding of new vendors
- Maintain accurate third-party risk records in enterprise GRC / TPRM platforms (e.g., ServiceNow)
- Develop and present executive-level dashboards, metrics, and risk summaries for leadership consumption
- Monitor third-party risk trends, concentration risks, and systemic control gaps
- Support internal and external audits, regulatory reviews, and compliance assessments related to third-party risk
- Identify opportunities to streamline, automate, and enhance third-party risk processes
- Contribute to the evolution of TPRM policies, standards, and operating procedures
- Support continuous monitoring initiatives and integration of external risk intelligence where applicable
- Drive consistent, scalable, and auditable TPRM practices across the enterprise
Key Success Metrics:
- Timely completion of third-party risk assessments
- Reduction in high-risk and overdue vendor findings
- Improved audit outcomes and regulatory alignment
- Increased visibility of third-party cyber risk for leadership
- Mature, consistent, and scalable TPRM operations
Skills Required:
- Strong expertise in Third-Party Risk Management (TPRM) lifecycle (onboarding, due diligence, assessments, remediation, renewals, off-boarding)
- Deep understanding of Cybersecurity Governance, Risk, and Compliance (GRC) frameworks
- Strong knowledge of ISO 27001, HIPAA, and regulatory compliance requirements
- Experience in vendor risk tiering, assessment methodologies, and control evaluation
- Ability to perform and review third-party security assessments, questionnaires, and evidence validation
- Strong understanding of cybersecurity, privacy, and operational risks in third-party ecosystems
- Experience in risk identification, remediation tracking, and risk acceptance processes
- Strong knowledge of security controls, risk frameworks, and audit requirements
- Experience working with GRC/TPRM tools (ServiceNow GRC or similar platforms)
- Ability to develop and present executive-level dashboards, risk metrics, and reports
- Strong stakeholder management skills across Procurement, Legal, Compliance, IT, and Business teams
- Experience in contract security reviews and defining cybersecurity clauses
- Strong analytical and problem-solving skills in risk evaluation and decision-making
- Experience in audit support, regulatory reviews, and compliance assessments
- Ability to drive process improvements, automation, and scalability in TPRM programs
- Strong communication skills to act as a trusted advisor to business stakeholders
Education: Any graduate or postgraduate degree
Note: This role is open for both Hyderabad and Bangalore locations. Candidates currently based in Bangalore who are open to relocating to Hyderabad are also encouraged to apply.