Human Horizon
Security Risk Manager - ISMS
Job Location
Bangalore, India
Job Description
Job Summary : We are seeking a highly skilled and experienced Security Risk Manager to join our team and play a critical role in managing and mitigating security risks associated with our third-party vendors. You will be responsible for overseeing the entire lifecycle of supplier risk assessments, ensuring our vendors meet our stringent security requirements and comply with relevant policies and standards. Your expertise in information security best practices and third-party risk assurance will be essential in safeguarding our organization's assets and :

- Manage and conduct comprehensive security risk assessments of potential and existing suppliers, including the thorough analysis of their security controls, processes, and technologies.
- Produce clear, concise, and actionable reports summarizing the findings of supplier risk assessments, including identifying vulnerabilities, assessing risk levels, and providing practical recommendations for remediation.
- Act as the primary point of contact for business units and external vendors regarding security requirements and compliance.
- Liaise with business stakeholders and external vendors to ensure that vendor services and products meet the baseline security requirements as defined by our internal security policies and standards.
- Diligently track the progress and closure of supplier risk assessments and all identified security issues arising from Third Party Security Assurance (TPSA) reviews.
- Utilize Bitsight or similar security rating software to proactively carry out non-intrusive technical assessments of current and future third-party vendors, monitoring their security posture.
- Schedule and conduct periodic security reassessments of vendors based on their criticality and tier, ensuring ongoing compliance. Perform thorough off-boarding security assessments at the end of vendor contracts.
- Provide expert advice and support to management on all Compliance and Security issues related to third-party vendors.
- Assist in the planning and execution of remedial actions taken as a result of security or governance failures identified during vendor assessments.
- Produce regular monthly and quarterly progress and status reports on third-party risk management activities, including assessment completion rates, identified risks, and remediation efforts.
- Assist with incident management and investigation activities, particularly those involving third-party vendors, to understand the scope and impact of security :

- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 5 years of demonstrable experience in the field of Information Security.
- Proven previous experience in a dedicated vendor security management or third-party risk management role.
- Comprehensive understanding of Information Security Management System (ISMS) best practices, including in-depth knowledge of relevant policies and standards such as ISO27001, ISO27005, ISO22301, and PCI-DSS.
- Thorough understanding of Third Party Security Assurance (TPSA) activities, methodologies, and best practices.
- A solid knowledge of network security management technologies, including firewalls, Cisco networking devices, databases (various types), Unix and Windows operating systems, and middleware technologies.
- Must possess the ability to create clear, concise, and easy-to-understand security documentation and training materials for both technical and non-technical

Skills :

- Relevant certifications such as CISA, CISSP, CRISC, or CCSP.
- Experience with other security risk management frameworks and methodologies.
- Familiarity with legal and regulatory requirements related to data privacy and security (e.g., GDPR, CCPA).
- Experience with contract review and security clauses.
- Strong project management skills.
- Excellent negotiation and conflict resolution skills.

(ref:hirist.tech)
Location: Bangalore, IN
Posted Date: 4/16/2025
Contact Information
Contact: Human Resources, Human Horizon