Job Title: GRC – Information Security Third-Party Risk Assessment Specialist
Location: Gurugram/Mumbai
Experience: Up to 5 years (or as required)
Role Summary :
The role involves managing Information Security Governance, Risk, and Compliance (GRC) with a strong focus on Third-Party / Vendor Risk Assessments. The incumbent will ensure that vendors, service providers, and partners comply with applicable regulatory, industry, and organizational information security requirements.
Key Responsibilities
Third-Party Risk Management (TPRM)
- Conduct end-to-end information security risk assessments of third parties, vendors, partners, and service providers.
- Perform inherent risk profiling and residual risk evaluation during vendor onboarding, renewals, and periodic reassessments
- Assist in updating Master Vendor Inventory as per service details and classification
- Review vendor-provided information, security questionnaires, and supporting evidence
- Assess inherent security risks based on:
o Nature of services provided
o Type and sensitivity of data accessed, processed, or stored
o Degree of system and network access
o Regulatory and compliance impact
- Assign inherent risk ratings (e.g., High / Medium / Low) to new vendors as per the organization’s security risk framework
- Identify key risk drivers and control gaps at the inherent risk stage
- Document assessment results and rationale in the designated risk assessment template or system
- Perform detailed security risk assessments of third parties based on profiling criteria defined in the organization’s Security Risk Assessment Framework, including evaluation of Private service criticality, data sensitivity, access levels, regulatory impact, and inherent risk factors, to determine overall risk classification and required risk treatment actions.
- Coordinate with internal business stakeholders and vendor service owners to
o Collect and validate details related to vendor services and engagement scope
o Clarify data access, system integration, and service dependencies
o Identify, escalate, and report any issues, gaps, or support requirements impacting the risk assessment
o Provide periodic status updates on assessment progress, risks, and timelines to relevant stakeholders
- Assist in review and update of security risk framework for third parties
- Support business units in updating vendor and service-related information
- Build and maintain relationships with internal stakeholders
- Track progress and closure of open observations as per defined remediation plan for each assessment
- Support process-related security assessments for the organization
- Identify gaps, document risk findings, recommend corrective actions, and track remediation closures.
Pay: ₹700,000.00 - ₹1,000,000.00 per year
Benefits:
Application Question(s):
- How many years of experience in GRC?
- How many years of experience in Third-Party / Vendor Risk Assessments?
- What is your Current CTC?
- What is your Expected CTC?
- What is your Notice Period?
Work Location: In person