Crisil
Information Security Associate
Mumbai ₹1-5 LPA Posted 25 Apr 2025
FULL TIME
Due Diligence
Regulatory Compliance
Job Description
- Conduct comprehensive risk assessments of third-party vendors, including evaluating their information security practices, operational capabilities, and compliance with legal and regulatory requirements.
- Perform due diligence on prospective and existing vendors, ensuring they meet the organization's standards for security, privacy, and business continuity.
- Continuously monitor third-party risk exposure and produce regular reports on the risk status of vendors. Identify and escalate potential issues to management.
- Review and manage vendor contracts, ensuring that appropriate risk management clauses and service-level agreements (SLAs) are in place.
- Collaborate with internal stakeholders and vendors to develop and implement risk mitigation strategies. Recommend corrective actions or improvement plans for third-party vendors with identified risks.
- Assist in the development and maintenance of third-party risk management policies, procedures, and frameworks, in alignment with industry best practices and regulatory requirements.
- Work closely with internal teams (e.g., Legal, Procurement, Compliance, IT Security) to ensure a unified approach to third-party risk management.
- Ensure compliance with relevant regulations, standards, and guidelines (e.g., GDPR, ISO 27001, NIST, PCI DSS) as they relate to third-party risk management.
- Conduct periodic vendor audits to verify compliance with contractual obligations and organizational policies.
- Assist in the investigation and resolution of third-party risk incidents, including data breaches and service disruptions.
