eSec Forte® Technologies
Website: esecforte.com
Job details:
Scope of Work – Third-Party Risk Reviewer (Sr. Resource)
- The resource should have in-depth knowledge of the audit lifecycle process and information security controls, and should be able to conduct risk assessments based on ISO 27001, PCI DSS, cloud-based controls and the applicable regulatory circulars, guidelines, frameworks, etc.
- Responsible for planning the calendar and the number of risk assessments, taking accountability and ownership of the audit lifecycle, stakeholder management, timely KRI preparation, and creation of data for monthly reporting to the forums/regulatory requirements, etc.
- The resource shall conduct onsite assessments of the vendors unless, in exceptional cases only, the outsourced vendor requests a virtual/remote assessment.
- He/She should have prior banking/BFSI audit experience of at least 5-7 years.
- The resource should have the skills to prepare draft reports and final reports of the assessment.
- The skillful resource should have sufficient understanding to assess evidence and to decide on acceptance/rejection of the evidence, or whether additional evidence is required for closure of the audit finding. The resource shall be technically competent to guide the other team members on the audit assessment gaps.
- The resource should maintain the records and work papers for each audit as per the bank's format and process, and shall keep them updated in line with progress and developments.
- The resource shall send periodic reminders for evidence as per process, with consistent follow-ups for closure of the findings.
- The initial draft report should be reviewed by the Supervisory Senior from the supplier audit team to validate the controls for the overall findings.
- The draft report will also be reviewed by the infosec team and the Third Party Risk Assessment Lead, who will provide inputs (if any).
- The timely release of reports and the tracking of observations/evidence will be the supplier's responsibility and shall be strictly governed as per the SLA.
- The documents/reports/case papers of the vendor assessment are proprietary and strictly confidential.
- The engagement will be for a minimum period of one year, and the contract can be renewed annually.
- The resource must prepare and maintain the monthly/quarterly data and inputs required for regulatory submission.
- The out-of-pocket expenses incurred for the onsite risk assessment shall be paid as per actuals.
Minimum Certification – ISO 27001 LA, PCI DSS (preferred), CISA/CISM/CRISC/CISSP, etc.