Cyber Security Third Party Risk Professional
Marvell
- Bangalore, Karnataka
- Permanent
- Full-time
- Develop and implement a comprehensive Third Party Risk Management (TPRM) program to assess third-party cybersecurity risks and lead their remediation
- Manage and continuously improve the risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
- Responsible for driving third-party risk assessment to identify, monitor, remediate, and manage third-party risks across Marvell’s third-party ecosystem.
- Own and enforce policies and standards related to third-party risk management, ensuring compliance with relevant industry regulations and standard processes
- Conduct pre-onboarding due diligence and timely, risk-based re-assessments of third-party vendors, evaluating their security controls, policies, and procedures to identify potential vulnerabilities and areas for improvement.
- Evaluate control effectiveness and review evidence for controls referenced in NIST CSF, ISO 27001, CSA CCM, SSAE 16, and SOC 2
- In-depth knowledge of controls related to data privacy, compliance, incident management, business resiliency, cloud security, and other risk domains.
- Collaborate with incident response and crisis management teams to develop and test response plans for third-party security incidents.
- Own the third-party incident playbook and drive the business impact assessment in the event of a third-party security incident.
- Maintain the third-party risk dashboard, keeping it current with incident events and assessment outcomes.
- Experience managing and operating TPRM and risk intelligence platforms to perform vendor security assessments
- Collaborate with business teams, legal, compliance, and procurement teams to integrate TPRM processes into the vendor onboarding and contract negotiation processes.
- Drive risk reduction by partnering with business teams and third-party contacts until remediation, or an accepted level of residual risk, is reached.
- Provide regular reporting and updates to executive leadership on the status of third-party risk management initiatives, including risk assessments, remediation efforts, and overall program effectiveness.
- Stay abreast of emerging threats and industry trends, adapting the TPRM program to address new risks and challenges.
- 10+ years of total work experience in information security, with a focus on third-party risk management.
- Industry-recognized risk assessment certifications (e.g., CISSP, CISA, CRISC, CTPRA, CTPRP, ISO 27001) are strongly preferred
- Bachelor's or master's degree, preferably in Information Security, Cybersecurity, Computer Science, or a related field.
- Strong understanding of third-party risk management frameworks, methodologies, and regulatory requirements.
- Experience owning and driving a TPRM program at a large enterprise.
- Stays current on the latest security trends, technologies, and vulnerabilities.
- Excel and data analysis skills are an added advantage
- Strong communication and interpersonal skills to collaborate with internal and external stakeholders effectively.