Vendor Security Risk Assessment or Third-Party Risk Assessment (TPRM)

  • Posted 3 hours ago

Job Description

Job Title: Vendor Security Assessment Engineer

Location: Gurugram

Job Summary: We are seeking a highly skilled Vendor Security Assessment Engineer to evaluate and ensure the security posture of third-party vendors, partners, and suppliers. This role involves assessing vendor compliance with security policies, industry standards, and regulatory requirements. The ideal candidate will have a strong background in cybersecurity, risk assessment, and vendor management.

Key Responsibilities

  • Conduct security assessments of third-party vendors, identifying risks and recommending mitigations.
  • Evaluate vendor compliance with security frameworks such as ISO 27001, NIST, SOC 2, GDPR, and other relevant regulations.
  • Review penetration testing reports, cloud configuration reports, and report findings.
  • Perform security due diligence and risk analysis for vendor onboarding and ongoing vendor relationships.
  • Collaborate with internal teams, including procurement, legal, and IT security, to ensure security requirements are met.
  • Develop and maintain security assessment questionnaires and methodologies.
  • Monitor vendor security incidents and work with vendors to resolve security gaps.
  • Provide recommendations for vendor risk remediation and track progress.
  • Maintain documentation of security assessment results and provide regular reports to management.
  • Stay up to date with emerging security threats and industry best practices.

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 3 to 6 years of experience in security risk assessment, vendor risk management.
  • Strong understanding of security frameworks and regulatory compliance requirements.
  • Ability to analyze security policies, architecture, and controls of third-party vendors.
  • Excellent communication and interpersonal skills.
  • Relevant security certifications (e.g., CISSP, CISA, CISM, CRISC, or equivalent) are a plus.

Preferred Qualifications

  • Experience working in a cloud security environment (AWS, Azure, GCP).
  • Familiarity with third-party risk management tools and platforms.
  • Knowledge of data privacy laws and secure data handling practices.
  • Experience in contract review from a security and compliance perspective.

Interested applicants with relevant experience can forward their CV to [Confidential Information]

This job is provided by Shine.com

Job ID: 145102099