Risk Manager, Vendor Security
15 hours ago
Do you want to be instrumental in the success of some of Amazon's strategic and high impact projects and programs. Risk Manager, Vendor Security works as an individual contributor, capable of contributing to the delivery of technical global programs and projects, managing stakeholders, assessing the security risk of vendors by partnering with multiple stakeholders to ensure vendors meet Amazon's security bar. This highly visible and challenging position is self-driven, project and compliance focused, and goal oriented, with the objective of delivering business solutions that meet stakeholder needs.
The team function sits within Finance, within the Finance Operations Risk, Governance & Experience FORGE) organization and as such, this position will work with leadership in Finance, Vendor Management, Compliance & Controllership, and Technology Teams.
Key job responsibilities
- Security Assessments: 1) Acting as subject matter expert on technology implementation, changes and risk-based security reviews and assessments. 2) Collecting/reviewing data from multiple sources to assess a third party's security. 3) Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained. 4) Serving as an advisor on security & compliance issues for operations staff
- Perform risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures
- Internal project and program management: Contribute to technical global projects from annual program roadmaps and/or as part of ad-hoc requests from stakeholders. This includes all end to end stages of project management, from business requirements gathering and scoping to change management and delivery
- Reporting: prepares reports on given cadences to share status of ongoing projects, programs, and goals completion/progress (i.e. MBR, QBR, monthly updates, etc.)
- Goals and roadmap planning: provide input on the creation of annual program roadmaps and goals supported by the team
- Stakeholder management: manage communication with both internal and external stakeholders and support them through the delivery of projects
- Documentation: provide support on creation of standard operation procedures (SOP), frameworks, and project documentation, among others
- 2+ years of relevant Information Security experience
- 2+ years of Technical Risk Assessment experience
- 5+ years Technical knowledge and / or experience in at least one security domain such as engineering, system and network security, authentication, or security protocols
- Proven working experience in change/stakeholder management and project documentation (i.e. contributing to project playbooks, building schedules, managing issues/risks, establishing communication plans and stakeholder engagement, among others)
- Ability to influence stakeholders across the organization without direct reporting lines
- Ability to lead and execute multiple initiatives simultaneously
- Excellent oral, written, and interpersonal communication skills
- Ability to adapt well to changing circumstances, direction, and strategy
- CISSP, CISA, or related Information Security certification
- Automation experience, i.e. VBA, Macros, advanced MS Excel, etc.
- Project management certification such as PRINCE2 or PMP
- Certification of Competency in Business Analysis (CCBA)
- Proficiency in a second language (different than English)
- Strong interpersonal and communication skills
- Ability to thrive in a fast paced, ever changing environment
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
-
Vendor Security Risk Management
4 weeks ago
Hyderabad, Telangana, India Strada Full timeOur storyStrada is a technology-enabled, people powered company committed to delivering world-class payroll, human capital management, and financial management solutions to organizations globally.With a team of more than 8,000 experts and over 30 years of expertise, Strada blends leading-edge technology with human ingenuity to help businesses across the...
-
Risk Manager, Vendor Security
2 days ago
Hyderabad, Telangana, India Amazon Full time ₹ 12,00,000 - ₹ 36,00,000 per yearDo you want to be instrumental in the success of some of Amazon's strategic and high impact projects and programs. Risk Manager, Vendor Security works as an individual contributor, capable of contributing to the delivery of technical global programs and projects, managing stakeholders, assessing the security risk of vendors by partnering with multiple...
-
Senior Vendor Cyber Risk Analyst
3 weeks ago
Hyderabad, Telangana, India S&P Global Market Intelligence Full timeJob DescriptionThe Team:- As part of Vendor Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that large number of data breaches happen due to...
-
Cyber and 3rd party risk manager
4 weeks ago
Hyderabad, Telangana, India Amgen Inc Full timeJob DescriptionDescriptionThe Cyber and 3rd Party Risk Manager will be responsible for identifying, assessing, and mitigating cyber risks associated with third-party vendors, ensuring compliance with security policies and regulations.Responsibilities- Identify, assess, and manage cyber risks associated with third-party vendors.- Develop and implement risk...
-
Cyber and 3rd party risk manager
4 weeks ago
Hyderabad, Telangana, India Amgen Inc Full timeJob Description- This is a lead role to support the risk management product team in identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in...
-
Information Security Risk Management Lead
3 weeks ago
Hyderabad, Telangana, India SMARTWORK IT SERVICES Full timeInformation Security Risk Management (IRM) LeadLocation : Bangalore, Chennai, HyderabadExperience : 11-15 YearsEmployment Type : Full-timeJob Overview :We're seeking a highly experienced and strategic Information Security Risk Management (IRM) professional to develop, manage, and execute the IRM program across Mashreq Bank. This mid-senior level role is...
-
Senior Third-Party Risk Management
2 weeks ago
Hyderabad, Telangana, India New Relic Full time ₹ 6,00,000 - ₹ 18,00,000 per yearWe are a global team of innovators and pioneers dedicated to shaping the future of observability. At New Relic, we build an intelligent platform that empowers companies to thrive in an AI-first world by giving them unparalleled insight into their complex systems. As we continue to expand our global footprint, we're looking for passionate people to join our...
-
Security Risk
3 weeks ago
Hyderabad, Telangana, India Deutsche Börse Full timeAbout Deutsche Börse GroupHeadquartered in Frankfurt, Germany, we are a leading international exchange organization and market infrastructure provider. We empower investors, financial institutions, and companies by facilitating access to global capital markets. Our business areas cover the entire financial market transaction process chain, including...
-
Security Risk
3 weeks ago
Hyderabad, Telangana, India Deutsche Börse Full timeAbout Deutsche Börse Group Headquartered in Frankfurt, Germany, we are a leading international exchange organization and market infrastructure provider. We empower investors, financial institutions, and companies by facilitating access to global capital markets. Our business areas cover the entire financial market transaction process chain, including...
-
Cyber Security Risk
3 weeks ago
Hyderabad, Telangana, India TECHOAKS IT SOLUTIONS PRIVATE LIMITED Full timeCybersecurity Risk & Compliance LeadLocation : HyderabadOnsite : 5 Days a WeekKey Responsibilities :1. Governance : - Develop, implement, and maintain the organizations GRC framework, policies, and procedures.- Support security governance activities and ensure alignment with corporate objectives.- Maintain documentation and records to demonstrate compliance...