Manager – Supplier Security Risk Management
- Full Time
- Gurgaon, India
- Posted by @Securejobs
- Posted: February 5, 2025 - Accepting applications
- Salary: ₹2,200,000 - ₹3,000,000 / year
Job Detail
Job ID 1159
Job Description
Experience Level: 8+ years in Information Security, Third-Party Risk, or Supplier Security Management
About the Role:
We are seeking an experienced Manager – Supplier Security Risk Management to lead and enhance our third-party security risk program. The ideal candidate will be responsible for evaluating and managing the security posture of our suppliers, ensuring compliance with industry standards, and mitigating risks associated with third-party vendors.
Key Responsibilities:
🔹 Supplier Security Risk Assessment & Due Diligence
- Conduct security risk assessments for new and existing vendors, ensuring compliance with security policies, regulatory requirements, and best practices.
- Evaluate third-party security controls against established frameworks and attestations such as NIST (CSF / SP 800-53), ISO 27001, CIS Controls, and SOC 2 reports, and against applicable regulations such as GDPR.
- Work closely with procurement, legal, and business teams to ensure security is embedded in vendor selection and contracting.
🔹 Policy Compliance & Risk Management
- Develop and implement supplier security policies, standards, and guidelines.
- Identify potential security risks in third-party relationships and recommend mitigation strategies.
- Monitor vendor security incidents and work with stakeholders to manage response and remediation efforts.
🔹 Technical Security Evaluation
- Assess vendors’ security architectures, cloud security controls, and data protection mechanisms.
- Review third-party security attestations (e.g. SOC 2 Type II reports, ISO 27001 certificates), penetration test reports, and vulnerability assessments, and validate that identified findings have been remediated.
- Ensure vendors comply with security best practices for handling PII, financial data, and intellectual property.
🔹 Governance, Reporting & Compliance
- Maintain an inventory of critical vendors, the data and systems each one can access, and their assigned risk tiers.
- Develop supplier risk dashboards and present security risk findings to senior management.
- Ensure ongoing compliance with regulatory and industry requirements such as RBI guidelines, GDPR, HIPAA, and PCI DSS (as applicable).
🔹 Collaboration & Stakeholder Engagement
- Partner with internal teams such as IT, Legal, Compliance, and Procurement to enforce security controls.
- Engage with vendors to drive security improvements and address remediation plans.
- Stay updated with emerging threats, supplier security risks, and evolving regulatory landscapes.
Required Skills & Experience:
✅ Education & Certifications:
- Bachelor’s/Master’s degree in Information Security, Cybersecurity, or a related field.
- Certifications like CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor are preferred.
✅ Experience:
- 6+ years of experience in third-party risk management, cybersecurity, or IT risk assessment.
- Strong understanding of security governance, risk management, and compliance (GRC).
- Experience with supplier security assessment frameworks and tools (e.g., the Shared Assessments SIG questionnaire and vendor risk management (VRM) platforms).
✅ Technical Knowledge:
- Familiarity with Qualys Policy Compliance, NIST SP 800-53, ISO 27001, and CIS Benchmarks.
- Understanding of cloud security (AWS, Azure, GCP) and network security.
- Knowledge of data privacy regulations like GDPR, CCPA, and cross-border data transfer risks.
✅ Soft Skills:
- Strong analytical and problem-solving abilities.
- Excellent stakeholder management and communication skills.
- Ability to work in a fast-paced environment and manage multiple priorities.
Why Join Us?
🚀 Be a key player in strengthening our supplier security framework.
🔍 Gain exposure to cutting-edge security practices and global regulatory compliance.
🤝 Collaborate with cross-functional teams to ensure a robust risk management program.
💡 Work in a dynamic and growth-driven environment with leadership opportunities.