Third Party Risk Management

Exp : 5 to 12 yrsJob descriptionRole & responsibilities · Should be able to develop and manage a comprehensive third party risk management framework / program. · Should be able to drive regulatory compliance / remediation programs such as Digital Operational Resilience Act (DORA). · Should be independently able to manage third party due diligence including initial risk assessments and ongoing monitoring. · Contribute to governance and facilitate remediation recommendations of related risks, deficiencies, gaps or issues, advice with identifying compensating controls alternative where compliance requirements cannot be met. · Document and present overall residual risk to higher management for approvals and risk acceptances. · Interact with vendors, business, and multiple stakeholders to assess, explain and remediate the risks identified. · Ongoing monitoring activities such as performance monitoring, contractual compliance, SLA/KPI adherence, negative news monitoring etc. · Test design and operating effectiveness of TPRM controls, identify gaps and recommend improvements. · Support key reporting activities associated within key functions. Perform adhoc IT risk analysis and reporting.Technical/Functional Skills · Relevant experience in TPRM (Program/Framework level) · Knowledge of Broader Operational Resilience / Tech Resilience Framework / Programs · Expertise in Third Party Risk Assessments · Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO 22301 etc. · Experienced in review of SSAE18, SOC 2, HITRUST, SIG and CAIQ reports. · Understanding of application and network security and should understand penetration testing and scan reports. · Knowledge of key TPRM regulations such as DORA, OSFI – B10, FCA FG 16/5, PRA SS2/21, FFIEC, EBA Guidelines etc. · Strong audit / control testing skills are desirable. · Certifications such as CTPRP, CTPRA, CRVPM, CRISC, CISA, CISSP are good to have.

Apply Now