Information Security Third-party Risk Management

3 days ago


Bengaluru, Karnataka, India Grant Thornton Full time

5 - 8 Years

1 Opening

Bengaluru

Role description

The Senior Associate, Information Security Third-party Risk Management position will be an integral member of the Information Security and Risk Management team.

The Senior Associate will support the Information Security & Risk Management team in executing Grant Thornton's Third-Party Risk Management (TPRM) Framework. This role focuses on performing vendor risk assessments, maintaining risk records, and assisting with remediation oversight under the guidance of senior team members.

This role will be in the Chief Information Security Officer (CISO) office, under the Associate Director, Information Security Governance, Risk and Compliance.

The successful candidate will have a good mix of technical knowledge of information technology, networking, and applications, an understanding of industry security best practices, and some experience in an information security risk management program.

The ideal candidate:

is a self-starter, with the ability to drive tasks to completion and learn new skills on the job.

possesses analytical thinking, is comfortable managing multiple tasks within a fast-paced environment, and has worked collaboratively in a third-party risk management team environment.

possesses good verbal and written communication skills, and is a pragmatic team collaborator.

Key Responsibilities:

Conduct basic security risk assessments for third-party vendors using OneTrust.

Maintain and update the risk register for supplier risks.

Support remediation tracking for supplier security findings.

Prepare summary reports for review.

Ensure compliance with firm security policies and procedures.

Collaborate with internal teams and vendors to collect required evidence documentation.

Help execute the information security third-party risk management framework.

Prepare risk registers in OneTrust to monitor and track risks.

Help develop CUECs to document the shared responsibility model.

Skills

Required Experience

Experience with information security risk management frameworks, assessments, audits, and controls based on industry standard frameworks (e.g., NIST, ISO).

Some experience using GRC tools and technologies in support of the assessment/audit process preferred (OneTrust, SecurityScorecard, BitSight, etc.).

Experience gathering information from a range of different sources to help identify weaknesses in security controls.

Demonstrates good understanding across multiple information security domains preferred.

Qualifications

Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience.

CISA, CRISC, CISM, CISSP, or Lead Auditor ISO 27000 certification (at least one) preferred, or working towards one.

Demonstrates good verbal and written communication skills.

Excellent organization skills and a self-motivated learner.

Very good experience in executing an information security third-party risk management program.

About Grant Thornton INDUS

'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do – it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators – obsessed with quality and ready for anything – who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India – Bengaluru and Kolkata


