Third Party Risk Assessments Specialist

Job Title- Third Party Risk Assesment

Location- Bangalore

Work Mode- Hybrid

Position Type- Fulltime

Required Experience-3+yrs of relevant experience.

The Risk Assessment Specialist role sits within Aon's Global Cybersecurity Services (GCS). The scope of this role is global.

We are looking for an Information security professional who has strong intermediate to advanced knowledge of most security domains and can utilize their expertise to perform activities related to security assessments.

The Assessment Specialist will execute day-to-day responsibilities related to security assessments. This would involve performing third party / supplier security assessments, and/or IT compliance activities related to SOC2, PCI, FCA, HIPPA, Data privacy etc.

The role required a close cooperation with other GCS security functions such as Business Continuity, Physical Security, Cyber security and others and interaction with various Aon business teams, Technology and Privacy teams etc.

Aon is in the business of better decisions

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive team and we are passionate about helping our colleagues and clients succeed.

What the day will look like

The role required a close cooperation with other GCS security functions such as Business Continuity, Physical Security, Cyber security and others and interaction with various Aon business teams, Technology and Privacy teams etc.

• Gain insight into Aon's Global business units and their service offerings and Global IT environment across all regions Americas, EMEA and APAC.
• Develop fair understanding about the Coupa Risk Assess tool which will be used for managing Aon's Assessment program and engagements.
• Create / Maintain accurate process documentation for Global Risk Assessment processes
• Build relationships with internal and external partners for the administration of the Third-Party Risk Management Program
• Produce status reports and time reporting
• Interest in developing knowledge in security
• Assist with other Global Security Services (GCS) initiatives or projects as required.

Third Party / Suppliers

• Manage and support the Third-Party Risk Assessment Survey Process for assigned third party using existing tools and templates to:
  • Qualify third party supplier
  • Administer Online Survey to third party suppliers
  • Mitigate third party risks
• Perform third Party supplier security governance activities which includes the following:
  • Perform security assessment of third-party supplier based on third party's questionnaire responses and documentation with medium complexity
  • Provide report highlighting third party risks (control findings or control gaps) along with recommended remediation actions if required

.

Skills and experience that will lead to success

• Excellent knowledge about NIST cyber security framework, ISO27001 security domains, processes and controls
• Certifications are preferred but not mandatory - CTPRP (Certified Third-Party Risk Professional) / CISA / CISM / CISSP / ISO 27001 Lead Auditor / CRISC
• Minimum 2 years Specialist-Level 7 / Preferred 1 year experience but not mandatory with relevant experience/ exposure in Information security / NIST cyber security framework / ISO 27001 processes and controls, infrastructure protection and information technology audit experience
• Basic knowledge and understanding about multi-platforms e.g. Experience in UNIX, Windows and IP intranet/Internet security environments including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
• Knowledge of corporate security and network policies and procedures, and experience in compliance management leadership role.
• Demonstrated competency in developing effective solutions to diverse and complex business problems
• Exposure linking legal and regulatory statutes with corporate policies
• Basic understanding of NIST cyber security framework, ISO 27002 and PCI DSS Standards
• Basic knowledge of regulatory requirements such as Sarbanes Oxley, HIPPA, GLBA etc.
• Strong partnering, communication and presentation skills
• Cross-Cultural Competence
• Professionally well spoken and written English is required. Knowledge about any additional languages like Chinese, Korean, Japanese, Spanish will be an added advantage
• Teamwork. Demonstrated ability to work effectively within a team environment
• Strong analytical and problem-solving skills
• Business Acumen and Customer Focus
• Ability to successfully prioritize and multi-task comfortably with change and complexity
• Demonstrated ability to deliver high quality, accurate work within tight deadlines
• Demonstrated ability to handle confidential information in an appropriate manner

How we support our colleagues

In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two Global Wellbeing Days each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions for our colleagues as well.

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.

We are committed to providing equal employment opportunities and fostering an inclusive workplace. If you require accommodations during the application or interview process, please let us know. You can request accommodations by emailing us at or your recruiter. We will work with you to meet your needs and ensure a fair and equitable experience.

#LI-RK2