Overview
Head of Information security 3rd party risk management and assessments Jobs in Mumbai, Maharashtra, India at myGwork
Title: Head of Information security 3rd party risk management and assessments
Company: myGwork
Location: Mumbai, Maharashtra, India
Type: Full Time
Category: IT/Tech, Security
This job is with WTW, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
Description
Responsibilities & Duties
• Leading the function in support of 3rd party information security risk management and assessments
• Managing the full lifecycle of third-party assessments and meeting mandatory requirements across standards
• Leading the implementation of a capability to understand the external information security posture of key suppliers in relation to the services we consume
• Leading information security 3rd party risk management processes in alignment with established practices
• Maintain the overall assessment process and improvements
• Manage a team of 3rd party information security assessors; run regular sessions with your team to quality-review third parties' security risk and ensure appropriate processes are followed to obtain remediation plans
• Ensure security gaps, risks and potential exposures are fully reviewed and identified
• Manage escalations of third-party risk for acceptance and/or decisions
• Create consistent and accurate data reporting to identify trends and emerging risks across third parties and business segments
• Develop strong relationships with key influencers across business, technology and third parties
• Drive recommendations for updates to the third-party standard and controls
• Support development of change activities and programs to be planned to close security gaps
• Manage any regulatory, audit and other mandatory requirements pertaining to supplier information security
Education Qualification
Degree in a relevant Business or Information Technology area
Experience Band 10-15 yrs.
Technical Skills: Need to have
Skill: Proficiency
• Third Party information security risk management: Advanced
• ITGC Controls: Advanced
• Contract reviews: Intermediate
• Supplier information security assessment: Advanced
• IS Governance and Compliance: Advanced
Technical Skills: Nice to have
• Information Security specific qualification (such as CISM, CISSP): Advanced
• Security and Privacy regulations: Advanced
• Security Operations – Technical: Intermediate
• SOC2 reports and other security assessment report reviews: Intermediate
Qualifications
NA