Vendor Risk Mgmt. Regional Manager
HCLTech
To design & implement Enterprise wide Vendor Risk Management program and integrate it with Procurement and internal processes, drive efficiency and strategic initiatives for improving maturity of the VRM program
Key Responsibilities
The individual will contribute to the overall maturity and effectiveness of the VRM program, including:Driving the third-party risk management program to understand, evaluate and report on the risk exposure HCLTech as an organization has by virtue of using various vendors, their services and/or products to meet our business objectives.Contribute towards enhancing the VRM program to address the ever-evolving threat landscape posed by vendor partners including but not limited to the risk domains of Cyber Security, Regulatory Compliance, Data Privacy, ESG, Geo-Political, Financial, etc.Self-motivated to hit the ground running with strategic thinking acumen to not only execute the current program but take it to the next level in spirit of continuous improvement.Overseeing project management, governance, risk profiling and assessment of vendors at relevant stages of vendor life cycle.Acting as a Subject Matter Expert (SME) across key risk domains such as Information Security, Data Privacy, Business Continuity, Regulatory Compliance, etc.Identifying applicable risk domains based on vendor service scope, including emerging risk areas.Conducting and reviewing vendor risk assessments based on the defined VRM framework.Developing risk profiles and periodic assessment plans based on third-party risk categorization.Collaborating with vendors to define appropriate remediation and mitigation strategies for identified risks.Performing ongoing monitoring, updating risk profiles, and tracking remediation efforts.Reviewing and enhancing risk assessment questionnaires and tools.Cross collaboration with internal stakeholders and external vendors to ensure program alignment and risk mitigation.Generating and presenting reports to leadership and cross-functional teams.Supporting queries from clients, business units, and sales / pre-sales teams related to vendor risk posture.Present VRM program and its tenets in various audits (internal & external) to provide assurance that third party risk is well managed within the firm. Skill Requirements Qualifications and Experience Required Education & Professional Qualifications Graduate or postgraduate degree in Computer Science, Information Technology, Cybersecurity, or a related field.Professional certifications such as ISO 27001 Lead Auditor, CISA, CISM, CISSP, CRISC , or equivalent.
Experience
12–15 years of overall experience in Information Security, Cybersecurity, and Risk Management. Minimum 8-10 years of hands-on experience in Vendor Risk Management / Third-Party Risk Management. Minimum 5 years of experience in team or people management. Ability to analyse the data and create various reports for senior management Demonstrated experience working with senior stakeholders and external clients.
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.