Specialist-Third Party security Assessor

Job Title: Specialist-Third Party security Assessor

Function/Department: Information Security Group

Job Purpose:

The Third-Party Technology Risk Management team assumes primary responsibility for overseeing the risks linked to third-party vendors and suppliers on behalf of the bank. This role necessitates close collaboration with vendor stakeholders to ensure that the bank's shared data remains safeguarded through suitable security measures. It involves mitigating data-related risks and ensuring adherence to regulatory requirements. This entails evaluating the efficacy of these measures from the standpoint of data security and privacy. As a Third-Party Security Assessor, will be responsible for evaluating and assessing the security practices and controls of third-party vendors who have access to sensitive data or provide services to the organization. role is crucial in identifying and mitigating risks associated with outsourcing arrangements, ensuring compliance with regulatory requirements, and safeguarding the integrity of the Bank's data and systems. The individual in this position must stay updated on emerging technologies, secure configuration standards, and associated risks.

Roles and Responsibilities:

• Conduct Third-Party Security Assessments: Perform comprehensive assessments of third-party vendors' security controls, policies, and procedures to identify potential vulnerabilities and risks.
• Risk Analysis: Analyze the results of security assessments to evaluate the level of risk posed by third-party engagements. Assess the impact of identified vulnerabilities on the organization's data security and operational resilience.
• Regulatory Compliance: Ensure that third-party engagements comply with relevant regulatory requirements, industry standards, and contractual obligations. Stay updated on regulatory changes and incorporate them into assessment processes.
• Documentation and Reporting: Document assessment findings, including identified vulnerabilities, risks, and recommendations for remediation. Prepare clear and concise reports to communicate assessment results to stakeholders, including senior management and regulatory bodies.
• Collaboration: Collaborate with internal stakeholders, including Business and Vendor Relationship Managers, Legal, Information Security, and Procurement teams, to facilitate the assessment process and ensure alignment with organizational objectives.
• Vendor Management: Provide guidance to Business and Vendor Relationship Managers on selecting, onboarding, and managing third-party vendors from a security perspective. Assist in establishing and maintaining vendor security requirements and standards.
• Continuous Improvement: Identify opportunities to enhance the effectiveness and efficiency of the third-party security assessment process. Implement best practices and lessons learned from previous assessments to continuously improve security posture.

Education Qualification:

Graduation: Bachelor's in Engineering / Technology / Computer Science / Information Security, or related field.

Post-graduation: PGDM / MBA / Mtech / MCA

Professional Qualification/Certification: CISSP, CISA, or CISM are preferred

Experience: 5 to 10 years of relevant experience in conducting security assessments and risk analysis, preferably in a financial or regulated industry.