DigiHelic Solutions

Role Description : - Lead the end-to-end third-party risk assessment process including initial due diligence, onboarding, and periodic reviews.- Collaborate and lead discussions with various departments from clients team including Legal, IT Security, Procurement, and Business Units to ensure comprehensive risk coverage.- Lead engagement team in delivering client engagements and assist delivery team members during engagements.- Develop and maintain the TPRM framework, policies, and procedures in line with industry best practices and regulatory expectations.- Prepare and present risk reports, dashboards, and metrics to senior management and risk committees.- Act as a subject matter expert during third-party risk assessments, with expertise in regulatory and compliance frameworks such as ISO 27001, SOC 2, NIST, GDPR, and RBI Guidelines, PCI DSS etc.- Perform quality reviews of work performed by team members.- Should be able to work independently on short term engagements.- Support Managers/AD/D in assessment/ audit execution, reporting, quality review and tracking.- Support Managers/AD/D in responding to RFP, proposals and new opportunities of business development.- Provide ongoing improvement opportunities including automation of third-party assessment execution.- Flexible to step-in and perform work on ground such as conducting risk assessments and audits with respect to people, process and qualifications :- 6+ Relevant years of experience in Third party risk management.- Relevant years of experience in IT Audits, Cloud security assessment.- Experience with ISO22301, 27001 implementation and audits.- Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment.- Understanding of Third party/vendor/supplier risk management considerations.- Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management.- Excellent written/verbal communication.- Excellent documentation and presentation skills.- Highly motivated and willing to work in local and global environments.- Security certifications like CISSP, CISA, CISM, CEH, ISO27001.- Work experience in Infrastructure / Application Security.- Work experience in IT Audit.- Work experience in Information Risk Management. (ref:hirist.tech)