Governance & Risk and Compliance Analyst

About Tekion:

Positively disrupting an industry that has not seen any innovation in over 50 years, Tekion has challenged the paradigm with the first and fastest cloud-native automotive platform that includes the revolutionary Automotive Retail Cloud (ARC) for retailers, Automotive Enterprise Cloud (AEC) for manufacturers and other large automotive enterprises and Automotive Partner Cloud (APC) for technology and industry partners. Tekion connects the entire spectrum of the automotive retail ecosystem through one seamless platform. The transformative platform uses cutting-edge technology, big data, machine learning, and AI to seamlessly bring together OEMs, retailers/dealers and consumers. With its highly configurable integration and greater customer engagement capabilities, Tekion is enabling the best automotive retail experiences ever. Tekion employs close to 3,000 people across North America, Asia and Europe.

This is a hybrid role comprising Risk and Compliance management duties. This requires an in-depth understanding of SaaS companies and ISMS, PIMS, SOC 1 & SOC 2 PCI DSS, GDPR, and CPRA frameworks. We're looking for talented professionals who love challenges, push boundaries, and are passionate about successfully managing the Information Security and Privacy framework.

Location: Chennai only

Responsibilities:

• Vendor Risk Assessment: Conduct thorough due diligence on potential third-party vendors to assess their cyber security, Data privacy, operational capabilities, and compliance with legal and regulatory requirements.
• Due Diligence: Perform due diligence reviews of vendors, including reviewing security policies, audit reports, and compliance documentation.
• Documentation and Reporting: Maintain comprehensive documentation of risk assessments, findings, processes, and recommendations.
• Prepare reports for management and stakeholders on third-party risk status including critical data breaches, security incidents, and service disruptions.
• Policy Development: Assist in the development and implementation of third-party risk management policies and procedures in line with industry best practices and regulatory requirements.
• Training and Awareness: Provide training and support to internal teams on third-party risk management practices and the importance of vendor assessments.
• Collaboration: Collaborate with various departments, including IT, legal, compliance, and procurement, to ensure a cohesive approach to third-party risk management. Support internal and external audits related to vendor cybersecurity.
• Security Questionnaire Response: Responds to information security-related questions, RFP's, RFI's SIG, and inquiries using established information security tools and procedures.

Requirements:

• Strong knowledge of information security and cybersecurity, including control testing, network security, and infrastructure assessments.
• Bachelor's degree in information technology, Computer Science, or a related/applicable field.
• Have 4-5 years of work experience related to Risk Management, procurement, and third-party risk management.
• 2+ years of experience in a team management role.
• Experience in assessing cloud security and application security for third-party vendors.
• Good knowledge of ISO 27001 ISO 27701 SOC 1 SOC 2 CPRA, GDPR, and PCI DSS.
• Certified CRiSP/ISO 27001/ISO 27701 Lead Auditor.
• Excellent written and verbal communication skills.

Tekion is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, victim of violence or having a family member who is a victim of violence, the intersectionality of two or more protected categories, or other applicable legally protected characteristics. 

For more information on our privacy practices, please refer to our Applicant Privacy Notice here.