Sr Associate Cybersecurity

The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:

Conduct Cybersecurity Assessments:

Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices.

Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.

Risk Analysis and Reporting :

Analyze assessment results to determine the level of risk associated with each third-party relationship.

Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.

Vendor Onboarding and Monitoring:

Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR).

Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.

Collaboration and Communication :

Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management.

Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.

Policy and Procedure Development :

Contribute to the development and enhancement of TPRM policies, procedures, and guidelines.

Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.

Training and Awareness :

Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.

Experience Level: 3+ years.

Location: Hyderabad / Bengaluru

Required skills:

• 3 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
• Demonstrated experience in third-party risk management and vendor security assessments.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Good understanding of various third-party risk management frameworks and standards.
• Proficiency in using security assessment tools and methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
• Detail-oriented with strong organizational and project management skills.

Desirable skills:

• Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
• Prior experience with Telecom sector.
• Relevant certifications such as CISSP, CISM, CRISC, or CISA