Country/Region:  IN
Requisition ID:  37418
Work Model: 
Position Type: 
Salary Range: 
Location:  INDIA - BENGALURU - HP

Title:  Subcontractor

Description: 

6-8 years of experience in Third Party Risk Management, Vendor Risk, Cybersecurity Risk, IT Audit, or GRC roles.
- Strong understanding of the TPRM lifecycle and vendor risk frameworks.
- Hands on experience with security assessments and control testing.
- Knowledge of cybersecurity concepts, access controls, incident response, and data protection.
- Excellent analytical, documentation, and stakeholder communication skills.
- Experience working with global vendors and cross region stakeholders.
 
Key Responsibilities:
- Conduct inherent and residual risk assessments for vendors across cybersecurity, data privacy, operational, and compliance domains.
- Perform vendor due diligence during onboarding and periodic reviews.
- Review vendor provided evidence (SOC reports, ISO 27001, SIG, penetration test summaries, etc.).
- Assess vendor alignment with security frameworks such as ISO 27001, NIST, SOC 2, and HP internal security policies.
- Identify gaps, document findings, and recommend risk mitigation and remediation plans.
- Support compliance with global regulations (GDPR, data protection, internal audit requirements).
- Support the end to end third party lifecycle: onboarding, ongoing monitoring, issue management, and off boarding.
- Track vendor risks, remediation actions, and exceptions in GRC or risk management tools.
- Collaborate with Procurement, Legal, IT, Privacy, and Business stakeholders.
- Participate in internal audits, regulatory reviews, and risk governance forums.