Cybersecurity - Third Party Risk Management Specialist

Job Description

Job Description

Be part of the solution at Technip Energies and embark on a one-of-a-kind journey. You will be helping to develop cutting-edge solutions to solve real-world energy problems.

We are currently seeking a Cybersecurity - Third Party Risk Management Specialist, to join our Cybersecurity team based in Noida.

About us:

Technip Energies is a global technology and engineering powerhouse. With leadership positions in LNG, hydrogen, ethylene, sustainable chemistry, and CO2 management, we are contributing to the development of critical markets such as energy, energy derivatives, decarbonization, and circularity. Our complementary business segments, Technology, Products and Services (TPS) and Project Delivery, turn innovation into scalable and industrial reality.

Through collaboration and excellence in execution, our 17,000+ employees across 34 countries are fully committed to bridging prosperity with sustainability for a world designed to last.

Global Business Services India

At Technip Energies, we are continually looking for ways to become more efficient, and ways to improve our quality, customer focus and cost competitiveness. The T. EN Global Business Services (TGBS) organization is key to executing this strategy, by standardizing our processes and centralizing our services.

Our Vision: A customer focused, cost efficient, innovative, and high performing organization that drives functional excellence.

GBS provide streamlined and consistent services to our internal customers in the domain of Finance and Accounting, Human Resources, Business Functional Support, Procurement and Legal. Our services fit our global organization and allow us to focus on business strategy and priorities. GBS also maintains continuous improvement plans to enhance our customer-oriented service culture.

About the opportunity we offer:

- Due Diligence and Onboarding: Conducting initial risk assessments on potential new vendors. This involves evaluating their security posture, reviewing their security policies and controls, and ensuring they meet the organization's minimum-security requirements before a contract is signed. This process often includes sending out detailed questionnaires and reviewing certifications like SOC 2 or ISO 27001.
- Risk Assessment and Analysis: A core responsibility is performing comprehensive cybersecurity risk assessments on new and existing third parties and assigning it into a risk category (e.g., critical, high, medium, low) based on type of risk they can bring to organization. A vendor handling sensitive customer data would be a high-risk vendor, while an office supply vendor would be low risk.
- Definition of requirement: Once the risk profile is identified, security requirements and contractual clauses need to be defined and applied in partnership with procurement and business stakeholders to include such requirements within the contract or agreement.
- Continuous Monitoring: Cybersecurity threats are constantly evolving, so a one-time assessment is not enough. A key duty is performing continuous monitoring of third-party vendors to detect changes in their security posture, such as new vulnerabilities, a data breach, or a drop in their security ratings. It can be performed by analyzing third-party assurance reports (e.g. SOC 2 Type II) and/or with automated tools.
- Reporting and Communication: Preparing and presenting reports on third-party risk exposure to internal stakeholders
- Responsible for defining and maintaining third parties security policy, standards and procedures.

About you:

- At least 8 years of experience in Cyber risk management and Third-Party Risk Management with the ability to identify, analyze, and quantify risks.
- GRC Platforms: Experience using Governance, Risk, and Compliance (GRC) tools to manage the TPRM lifecycle.
- Regulatory Awareness: Experience in dealing with cyber security standards and privacy regulations such as ISO27001, NIST CSF, ISA/IEC 62433, CIS, Cyber Essentials, NIS2, GDPR and CCPA.
- Experience with Oil and Gas industry is a plus.
- Experience in writing policies, procedures.

Technical Experience:

- Understanding of IT and OT domains along with their differences.
- Good knowledge of cybersecurity standards and best practices such as ISO27001, ISA/IEC 62433, IEC 61850, IEC 27019, NIST CSF, CIS.
- Good knowledge of Third-Party Risk Assessment Tools (e.g. Black Kite, BitSight, Security Scorecard, RiskRecon, or Up Guard for continuous monitoring of vendor security posture.
- Familiarity with Governance, Risk & Compliance tools like SureCloud, Archer, ServiceNow GRC, or MetricStream for tracking third-party risks.
- Experience with SIG (Standardized Information Gathering) questionnaires or CAIQ (Consensus Assessments Initiative Questionnaire) from the Cloud Security Alliance.
- Understanding of GDPR, CCPA, and other regional data protection laws that impact third-party engagements.
- Ability to review security clauses in contracts, SLAs, and DPAs (Data Processing Agreements) to ensure alignment with internal security policies.
- Knowledge of how to incorporate threat intelligence feeds into third-party risk assessments.
- Familiarity with incident response procedures involving third parties, including breach notification and containment protocols.
- Understanding shared responsibility models in cloud environments (AWS, Azure, GCP) and how third-party risks manifest in cloud services.
- Ability to support internal and external audits related to third-party cybersecurity controls.
- Understanding of risks related to open-source components, software dependencies, and SBOMs (Software Bill of Materials).

Your career with us:

Working at Technip Energies is an inspiring journey, filled with groundbreaking projects and dynamic collaborations. Surrounded by diverse and talented individuals, you will feel welcomed, respected, and engaged. Enjoy a safe, caring environment where you can spark new ideas, reimagine the future, and lead change. As your career grows, you will benefit from learning opportunities at T.EN University, such as The Future Ready Program, and from the support of your manager through check-in moments like the Mid-Year Development Review, fostering continuous growth and development

What's next

Once receiving your application, our Talent Acquisition professionals will screen and match your profile against the role requirements. We ask for your patience as the team completes the volume of applications with reasonable timeframe. Check your application progress periodically via personal account from created candidate profile during your application.

We invite you to get to know more about our company by visiting and follow us on LinkedIn, Instagram, Facebook, X and YouTube for company updates.