Ubique Systems
Cyber Security - GRC
Ubique Systems | Poland | posted 14 hours ago
Contract | Remote Friendly | Finance

TPRM- Risk Assessor

Digital : Cloud Security Management, Cyber Security - GRC - Vendor Risk Assessment, Cyber Security - GRC - Data Security, Cyber Security - Information Security

PL- Wroclaw

Onsite/Hybrid Mode

6-8 Years



Role: TPRM - Risk Assessor

Required Technical Skill Set: Vendor Risk Assessment


Desired Experience Range: 6-10 yrs overall (5 yrs in Vendor Risk Assessment)


Location of Requirement:

Technical/Functional Skills from the Role

Access management
- Privileged access management, Segregation of duties, least privilege principle, RBAC, Password management, User access management, personal accounts / Non-personal technical accounts

Data security
- Encryption at rest and in transit, Key lifecycle management, Ciphers

Secure operations
- Log monitoring, Log protection, Log management, Endpoint security, Patching

Data Leakage Prevention
- Understanding of DLP tools/technologies, structured and unstructured data, Instances (Dev, Test, PROD), Email security, Data classification

Cyber Threat management
- Threat/Vulnerability management, Hardening process, External attacks (DDoS), Penetration testing, Incident management

Network security
- Basic understanding of network security components (Firewall, IDS, IPS, WAF), Network ports/protocols, Network segmentation etc.

System acquisition, development & Change management
- SDLC process for application design, development, deployment and operations, including defined change controls for approval and testing

Operational resilience
- BCP, Backup/restore, Records management, Data retention

Governance, risk & compliance
- Policies, Procedures, Risk management framework, Cyber risk management, Supply chain risk management

Assurance reports
- SOC 1, SOC 2 reports, ISO 27001 certificate including Statement of Applicability, CSA STAR Level 2 etc.

Asset management
- Asset inventory, Hardware/Software life cycle management

Data center security

Physical security

HR security

Relevant experience in TPRM (Program/Framework level).

Expertise in Third Party Risk Assessments.

Expertise in cyber security including standards such as ISO 27001, PCI-DSS, ISO 22301 etc.

Experienced in review of SSAE 18, SOC 2, HITRUST, SIG and CAIQ reports.

Certifications such as CTPRP, CTPRA, CRVPM, CRISC, CISA, CISSP are good to have.

Roles and Responsibilities

- Should be able to develop and manage a comprehensive third party risk management framework/program.

- Should be able to drive regulatory compliance remediation programs such as the Digital Operational Resilience Act (DORA).

- Should be able to independently manage third party due diligence, including initial risk assessments and ongoing monitoring.

- Contribute to governance and facilitate remediation recommendations for related risks, deficiencies, gaps or issues; advise on identifying alternative compensating controls where compliance requirements cannot be met. Document and present overall residual risk to higher management for approvals and risk acceptances.

- Interact with vendors, business, and multiple stakeholders to assess, explain and remediate the risks identified. Perform ongoing monitoring activities such as performance monitoring, contractual compliance, SLA/KPI adherence, negative news monitoring etc.
