Manager | Third Party Risk Management | Bengaluru | Cyber Strategy & Transformation
Bengaluru, IN
Deloitte
Role Description –
• Extensive client-facing consulting experience, providing tailored solutions and strategic guidance to address complex business challenges and regulatory requirements
• Strong problem-solving and analytical skills with the ability to address complex risk management challenges and recommend effective mitigation strategies tailored to client needs
• Demonstrating expertise in performing detailed vendor due diligence and overseeing all phases of third-party lifecycle assessments, ensuring alignment with organizational requirements, regulatory standards, and risk management frameworks
• Designing and implementing third-party risk management tools and frameworks tailored to client needs, ensuring effective risk identification, assessment, and mitigation
• Ability to effectively liaise with clients and manage stakeholder expectations.
• Work with client teams from various departments, such as compliance teams, auditing and regulators, to identify and document various requirements/obligations
• Conducting risk assessments and audits with respect to people, process, and technology.
• Identification of gaps/observations, risks, opportunities and improvement of policies, processes, procedures and standards.
• Documenting information security risk, recommendation, and compensating controls in the form of assessment/audit reports
• Collaborate with other members of the engagement team to plan and develop relevant work papers/deliverables for vendor information security reviews, define approach for vendor assessment and develop vendor evaluation model
• Handle key activities of assessment/ audit life cycle: planning, execution, reporting, quality review and tracking
• Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues
• Strong understanding of global and India-specific regulatory requirements, including RBI, GDPR, FCA, ISO standards, and their implications for compliance and risk management
Qualifications
1. 8-10 years of experience in Third party risk management
2. 8-10 years of experience in IT Audits, Cloud security
3. Experience with ISO22301 implementation and audits
4. Preferred certifications: CBCI / CBCP / ISO22301 LI or LA, Offensive Security Certified Professional, CISA
Cyber Risk
Your role as a leader
At Deloitte India, we believe in the importance of leadership at all levels. We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters.
In addition to living our purpose, across our organization:
• Understanding of Third party/vendor/supplier risk management considerations
• Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management
• Excellent written/verbal communication
• Excellent documentation and presentation skills
• Highly motivated and willing to work in local and global environments
• Security certifications like CISSP, CISA, CISM, CEH, ISO27001
• Work experience in Infrastructure / Application Security
• Work experience in IT Audit
• Work experience in Cloud Security
• Work experience in Information Risk Management
• Work experience in Information Security or Cyber Security domains
• Experience with GRC tools such as Archer, ServiceNow, OneTrust, ProcessUnity, SecurityScorecard, etc.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte
Tags: Application security Audits CEH CISA CISM CISSP Cloud Compliance GDPR ISO 22301 ISO 27001 Offensive security Privacy Risk assessment Risk management Strategy
Perks/benefits: Career development