Senior Analyst, Third Party IT Risk Management
Guindy, Chennai, TN, IN
Celestica
Celestica is dedicated to delivering end-to-end product lifecycle solutions to drive our customers' success.
Req ID: 127900
Remote Position: Hybrid
Region: Asia
Country: India
State/Province: Chennai
City: Guindy, Chennai
Summary
We are seeking a highly motivated and experienced Senior Analyst to join our Third Party IT Risk Management team. This role is responsible for identifying, assessing, and mitigating information technology risks associated with our third-party relationships. The ideal candidate will possess a strong understanding of IT risk management frameworks, cybersecurity principles, and relevant regulatory requirements. You will play a crucial role in protecting our organization's data and systems by ensuring our vendors and partners adhere to our security standards.
Detailed Description
Performs tasks such as, but not limited to, the following:
- Vendor Risk Assessment: Conduct comprehensive IT risk assessments of new and existing third-party vendors. This includes evaluating their security policies, procedures, and controls against industry best practices and our internal security requirements.
- Due Diligence: Perform initial and ongoing due diligence on third-party vendors to ensure their security posture remains strong throughout the vendor lifecycle.
- Contract Review: Collaborate with legal and procurement teams to review and negotiate IT security-related clauses in third-party contracts and agreements.
- Continuous Monitoring: Implement and manage a continuous monitoring program to track the security performance of critical vendors. This includes analyzing security ratings, vulnerability reports, and incident notifications.
- Incident Response: Act as a key point of contact for any security incidents involving third-party vendors. This includes coordinating response efforts and ensuring timely resolution.
- Reporting: Develop and maintain risk dashboards and reports for senior management, providing a clear view of the third-party risk landscape.
- Policy and Procedure Development: Contribute to the development and enhancement of our third-party IT risk management policies, standards, and procedures.
Knowledge/Skills/Competencies
- Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
- Experience: 10-15 years of experience in IT risk management, cybersecurity, or a related field, with a specific focus on third-party risk management.
- Framework Knowledge: In-depth knowledge of IT risk management frameworks such as NIST (800-53, CSF), ISO 27001, and COBIT.
- Regulatory Familiarity: Understanding of relevant data privacy and protection regulations (e.g., GDPR, CCPA).
- Technical Skills:
  - Proficiency with third-party risk management tools and platforms.
  - Strong understanding of network security, cloud security, application security, and data protection principles.
  - Experience with security assessment methodologies and tools.
- Soft Skills:
  - Excellent analytical and problem-solving skills.
  - Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences.
  - Proven ability to manage multiple projects and priorities in a fast-paced environment.
  - Strong interpersonal skills with the ability to build and maintain effective working relationships with internal and external stakeholders.
Physical Demands
- Duties of this position are performed in a normal office environment.
- Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
Typical Experience
- Certifications: Professional certifications such as CRISC, CISM, CISA, or CISSP are highly desirable.
- Industry Experience: Experience working in manufacturing and regulated industries (e.g., finance, healthcare) is a plus.
Typical Education
Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Experience: 10-15 years of experience in IT risk management, cybersecurity, or a related field, with a specific focus on third-party risk management.
Notes
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.
Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.
COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.
Celestica would like to thank all applicants; however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee-based recruitment services.
Tags: Application security CCPA CISA CISM CISSP Cloud COBIT Computer Science CRISC Finance GDPR Incident response Industrial ISO 27001 Monitoring Network security NIST NIST 800-53 Privacy Risk assessment Risk management Security assessment