GRC Specialist, Vendor Risk Management

Operations Requisition ID 4465 Pune, India

Description

  • Designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organization’s Supplier Relationship and Supplier Risk Management program.
  • Support the customer lifecycle of 3rd party risk management by managing the documentation and distribution of responses to customers through customer engagement.
  • Customer Security Questionnaires, Customer’s Vendor Risk Management questionnaires, Qualys’ Supplier Risk Management, Custom Audits, and other applicable documentation.
  • Demonstrated problem-solving capacity and the ability to make decisions that impact customer/supplier service levels with a sense of urgency.
  • Provide subject matter mentoring and training to peers and other colleagues in the organization.
  • Identify opportunities for improvements in security and business processes, and partner with the GRC Design & Innovation team to implement enhancements to the Issues & Exceptions Management processes.

Basic Qualifications

 

  • Master's degree in business, information systems or computer science, or equivalent experience.
  • 6 to 7 years of experience in Information Security Governance, Risk, and Compliance, preferably in a cloud-focused organization.
  • Experience with information security frameworks such as FedRAMP, SOC 2, ISO 27001/2, NIST SP 800-53, Cybersecurity Framework, Supplier-Chain Risk Management Framework.
  • Experience with Supplier Risk Management Tools or Automation of Third-Party Risk Management process.
  • You have created and maintained relationships with business and technical experts throughout the company who provide expertise in security requirements and solutions design.

EEO Employer/Vet/Disabled