DigiHelic Solutions

Role Description :

- Lead the end-to-end third-party risk assessment process including initial due diligence, onboarding, and periodic reviews.

- Collaborate and lead discussions with various departments from clients team including Legal, IT Security, Procurement, and Business Units to ensure comprehensive risk coverage.

- Lead engagement team in delivering client engagements and assist delivery team members during engagements.

- Develop and maintain the TPRM framework, policies, and procedures in line with industry best practices and regulatory expectations.

- Prepare and present risk reports, dashboards, and metrics to senior management and risk committees.

- Act as a subject matter expert during third-party risk assessments, with expertise in regulatory and compliance frameworks such as ISO 27001, SOC 2, NIST, GDPR, and RBI Guidelines, PCI DSS etc.

- Perform quality reviews of work performed by team members.

- Should be able to work independently on short term engagements.

- Support Managers/AD/D in assessment/ audit execution, reporting, quality review and tracking.

- Support Managers/AD/D in responding to RFP, proposals and new opportunities of business development.

- Provide ongoing improvement opportunities including automation of third-party assessment execution.

- Flexible to step-in and perform work on ground such as conducting risk assessments and audits with respect to people, process and qualifications :

- Relevant years of experience in IT Audits, Cloud security assessment.

- Experience with ISO22301, 27001 implementation and audits.

- Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified

Professional, CISA to work in a cross-functional, cross-cultural matrix environment.

- Understanding of Third party/vendor/supplier risk management considerations.

- Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant

control frameworks for Third party risk management.

- Excellent written/verbal communication.

- Excellent documentation and presentation skills.

- Highly motivated and willing to work in local and global environments.

- Security certifications like CISSP, CISA, CISM, CEH, ISO27001.

- Work experience in Infrastructure / Application Security.

- Work experience in IT Audit.

- Work experience in Information Risk Management.