Third Party Risk Manager

Your Journey at Crowe Starts Here:

At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you're trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That's why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry.

Job Description:

Job purpose:

• Manager in the Crowe's Third-Party Risk Management team to work on various TPRM projects for our customers / Clients across the globe.
• You will be responsible for delivering on accounts in accordance with Crowe's quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis for the firm.
• Establishing, strengthening, and nurturing relationships with Vendors, Clients and internally across service lines and proactively will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture within the Organization.
• In line with Crowe's commitment to quality, you'll confirm that work is of the highest quality as per Crowe's quality standards.

What you'll do:

Your client responsibilities:

• Assess cybersecurity controls, programs and strategies using our proprietary framework and industry frameworks.
• NIST Risk Management Framework and Assessment and Authorization enhancement, operations, and governance.
• Cybersecurity focused Third-Party Risk management and/or Vendor Risk Management operations, assessment, and enablement.
• Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client / Vendor situations.
• Plan & deliver on client / Vendor engagements. Provide regular status updates on the engagements and work products.
• Actively contribute to improving operational efficiency on projects & internal initiatives.
• Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices).
• Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel.
• Drive high-quality work products within expected timeframes while ensuring stakeholders are kept informed about progress and expected outcomes.

Your people responsibilities:

• Demonstrate teamwork, integrity, values, principles, and work ethic and lead by example.
• Driving the quality culture agenda at Crowe.
• Participating in the organization-wide people initiatives.

Desired / Required skills:

• Relevant 7+ years' experience in Information security, risk management, vendor/ third-party risk assessment.
• Experience in handling a team of 4 or more is required.
• Onsite Vendor audit experience is desired
• Industry certifications – ISO 27001 Lead Auditor, CISA, CISSP, CISM, CCSP, CTPRA and any cloud Certifications is an added advantage.
• Good knowledge of Privacy, Governance and reporting.
• Excellent written and verbal communication skills.
• Strong Auditing skills are mandatory.
• Cloud Security fundamentals are desired.
• Strong problem solving and logical approach skills.
• Consistent display of technical proficiency.
• Ability to work under pressure with stringent deadlines and tough client conditions which may demand extended working hours.
• Willingness to travel, when required.

Technical Skills:

• Expertise in cyber security including standards such as IS0 27001, PCI-DSS, IS0 22301, Privacy etc.
• Hands on experience in assessing Audit reports like SOC2 Type2 reports, Penetration testing reports, Vulnerability assessment reports, PCI DSS reports etc.
• Sound knowledge of technical domains such as network security, cloud security, application security, control testing, legal and compliance, data privacy, human resource related controls, supply chain, environmental security, cryptography.
• Strong knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations exposure.
• Good knowledge of IT infrastructure.
• Knowledge of incident management, disaster recovery and business continuity management.
• Sound familiarity with Secure SDLC standards / frameworks.

We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.

Our Benefits:
At Crowe, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Crowe can mean for you

How You Can Grow:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosper

More about Crowe:

C3 India Delivery Centre LLP formerly known as Crowe Howarth IT Services LLP is a wholly owned subsidiary of Crowe LLP (U.S.A.), a public accounting, consulting and technology firm with offices around the world. Crowe LLP is an independent member firm of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory firms in more than 130 countries around the world.

Crowe does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge.