S&P Global Assistant Manager - Quality Assurance / Information Security Expert in Gurgaon, United States
Assistant Manager- Quality Assurance (Information Risk Expert)
Vendor Risk Management is a strategic initiative driven by corporate leadership. Its responsibility is to analyze and mitigate the risk associated with the vendor while procuring the product - services from them. This process is driven based on the guidelines provided by different regulator such as U.S. Securities and Exchange Commission,Monetary Authority of Singapore (MAS)and GDPR. Team is based out of Gurgaon (India) location and is led by leadership at New York (US).
Vendor Risk Management helps the business to reduce the risk associated with the vendors in terms of Information Security, Reputational impact, Business loss, financial instability etc. In addition, it helps the business to meet the regulatory requirement across different market and avoid any penalties.
What s in it for you:
It s a global profile and gives opportunity to interact with different leadership across the organization
This profile allows the candidate to understand the different services procured across organization and also allows them to be a part of Enterprise level initiatives
Vendor Risk Management is a part of Risk Management organization, hence gives an opportunity to interact and learn other risk management process like Country Risk, Information Risk, Business Continuity
- Risk Management is an evolving process, it gives candidate opportunity - explore on how to build and optimize the process
Perform the Vendor Risk Assessments on new and existing vendors engaged by the organization
Act as an Information Security Expert within the Vendor Risk Management team to help in identifying the Information risks in engaging the vendor for a given use case.
Work directly with internal stake holders such as engagement owners from the business divisions to understand the services expected to be provided by the vendor and to help capture the risk accurately in the engagement risk assessments.
Work with other internal stake holders such as Information Security, Business Continuity, Procurement, Compliance and other Domain Partners to ensure correct risk level documentation in the Vendor Risk Assessment process.
Track and follow-up with the Internal Business Partner, Domain partners and Vendors in order to get the assessment completed within the defined SLA
Liaise between the Internal Business divisions, Domain Partners and Vendors to track and facilitate resolution of issues identified during the risk assessment process
Prioritize the activities and help in expediting the Risk Assessment process
Prepare detailed and summary reports of assessment, including customized reports, as needed.
Work with the Internal stake holders in fulfill the Audit requirements
Enhance the process within Risk Management in order to meet different Business and Regulatory requirements
Contribute to building training programs for Internal stake holders on Risk Management Process
Support in building and maintaining the procedure and policy documents
What We re Looking For:
Professional with Vendor Risk Management background, with experience performing Information risk assessments with a minimum of 4-6 years of experience
Experience in understanding and managing the IT security risk, especially with Cloud based application vendors
Information Security related Certification is a plus
Should have understanding on the roles and responsibilities of different risk functions like Vendor Risk Management, QA Function, Operational Risk, Internal Control, Internal audit, Risk and Compliance etc.
Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail
Demonstrated competency working within a global team in a large enterprise and across functions
Superior oral and written communication skills
Ability to build strategic partnerships with internal clients (S&P Global employees)
Must be a critical thinker with strong qualitative skills.
Willingness to be cross-trained in other Vendor Risk Management positions to provide support to the team during peak loads.
Any Graduate - Post Graduate and has Information Security expertise
Information Security Expert with certification such as CISA or any other certification related to Information Security or Cloud Security.
S&P Global Corporate
At S&P Global, we don t give you intelligencewe give you essential intelligence. The essential intelligence you need to make decisions with conviction. We re the world s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visitwww.spglobal.com
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race - ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law.