423806 Supplier Cyber Risk & Assurance Analyst (Open)

Company Overview

Not Provided

Job Summary

The Supplier Cyber Risk & Assurance Analyst will support the Supplier Cyber Risk and Assurance processes across all business units and support functions within the organization. This role is crucial in ensuring that cyber security risks introduced by third parties are understood, managed, and mitigated effectively.

Responsibilities

• Conduct comprehensive supplier cybersecurity assessments and generate detailed reports, ensuring alignment with up-to-date departmental procedures and industry best practices.
• Continuously develop and enhance the third-party risk management process framework for security risk, incorporating the latest standards, procedures, emerging technologies, and AI-driven insights.
• Review and analyze supplier security practices through questionnaires, audits, scans, and assessments to ensure compliance with company cyber security standards.
• Coordinate and respond to security incidents involving suppliers, including investigation, mitigation, and reporting.
• Examine supplier contracts to ensure they include necessary security clauses and negotiate terms to address identified risks.
• Provide clear and effective support to internal third-party relationship owners and external third-party representatives, facilitating accurate responses to the security risk assessment questionnaire.
• Collaborate closely with Legal and Procurement teams to ensure the inclusion of robust security and privacy clauses in third-party contracts, in line with current regulatory and industry requirements.
• Deliver ongoing training and awareness programs related to the supplier cyber risk and assurance process, keeping pace with the latest industry trends and threats.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS, etc.
• Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products.
• Preferred Security Certifications: CISSP, CISM, CISA, CTPRA, CTPRP, CRISC, ISO27001: 2022 LA & LI, ISO42001 AI.
• Practical experience with third-party risk management tools such as Archer, OneTrust, Certa, CyberGRX, UpGuard, and ServiceNow.
• Strong analytical skills to identify, evaluate, and prioritize potential cyber risks from suppliers.
• Proficiency in documenting cyber security findings, creating reports, and presenting recommendations to management.
• Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority.

Preferred Skills

• Knowledge of relevant regulations and compliance standards such as GDPR, HIPAA, PCI-DSS, etc.
• Sound knowledge in Power BI, Tableau, and advanced features of Excel.
• Expertise in reviewing and negotiating supplier contracts to ensure they include necessary security clauses.
• Understanding of cybersecurity principles, tools, and technologies used to protect against threats.
• Familiarity with GRC technologies to conduct cyber risk management.
• Knowledge of DevSecOps will be a plus.

Experience

• Prior experience in conducting cyber security risk assessments and third-party security and data privacy assessments.
• Extensive experience in designing and developing security policies, processes, standards, and contracts.
• Experience working with virtual teams located in different countries, aligning and adapting to different work cultures and communication styles.

Environment

• Hybrid work mode, with a typical work setting located in Bengaluru Luxor North Tower.

Salary

• Estimated salary range: ₹2,500,000.

Growth Opportunities

Not Provided

Benefits

Not Provided