Please click on the Apply to verify the status of jobs posted more than 15 days ago, as they may have expired. Similar Jobs
Job Description
- Provides leadership and operational oversight for the India-based vendor risk management team, ensuring consistent execution of assessments, monitoring, and incident response while fostering professional development and alignment with global objectives.
- Conducts contract reviews and participates in vendor negotiations to identify and mitigate cyber security and operational risks, ensuring appropriate security controls, data protection requirements, SLAs, and remediation obligations align with company risk appetite and regulatory requirements.
- Manages vendor incident response by coordinating with cross-functional teams during security events, conducting impact assessments, ensuring timely vendor communication and remediation tracking, and documenting lessons learned to strengthen future capabilities.
- Executes comprehensive vendor risk assessments throughout the vendor lifecycle using industry-standard frameworks to evaluate security posture, data handling practices, business continuity capabilities, and compliance with contractual and regulatory standards.
- Performs continuous vendor monitoring through risk management platforms and third-party security rating services, analyzing scorecards, threat intelligence, financial indicators, and compliance status to identify emerging risks and provide actionable insights for decision making.
- Develops, maintains, and enhances policies, procedures, standards, and documentation for the vendor cyber risk management program, ensuring clear guidance for assessment methodologies, monitoring thresholds, incident response protocols, and reporting requirements while incorporating best practices.
- Leverages enterprise risk management tooling to streamline vendor risk workflows, maintain accurate vendor inventories and risk profiles, generate executive reporting and metrics, track remediation activities, and identify opportunities for automation and process optimization.
- Minimum of 11-15 years of progressive experience in cybersecurity, third-party risk management, or vendor risk management, with at least 3-5 years in a senior or lead capacity coordinating vendor risk activities and guiding team members.
- Demonstrated expertise in vendor cyber risk assessment methodologies and frameworks (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls) with proven ability to evaluate complex technical security controls and data protection practices.
Looking to get Placed? Try our Placement Guarantee Plan
- Extensive hands-on experience conducting vendor due diligence across the full vendor lifecycle, including onboarding assessments, periodic reviews, continuous monitoring, and offboarding activities for enterprise technology vendors and SaaS providers.
- Strong background in contract review and negotiation with specific focus on cybersecurity terms, data processing agreements, liability clauses, indemnification provisions, audit rights, and breach notification requirements.
- Proficient in utilizing vendor risk management platforms (e.g., OneTrust, ServiceNow VRM, Prevalent, BitSight, SecurityScorecard) to automate workflows, track assessments, monitor vendor security posture, and generate executive reporting.
- Proven ability to lead vendor security incident response efforts, including coordinating cross-functional stakeholders, conducting impact assessments, managing vendor communications, and driving remediation to closure.
- Experience providing guidance and mentorship to team members, including coordinating work assignments, conducting knowledge transfer, and fostering professional development in a distributed or global team environment.
- Excellent analytical and problem-solving skills with the ability to translate complex technical risks into clear business impact assessments and actionable recommendations for executive audiences.
- Strong written and verbal communication skills, with demonstrated ability to influence stakeholders across all organizational levels, including procurement, legal, compliance, information security, and business unit leaders.
Skills
ProcurementAutomationAnalyticalInformation SecurityRisk AssessmentConsultingData ProcessingRisk ManagementComplianceRegulatoryRegulatory RequirementsRisk ManagementRisk AssessmentEnterprise Risk ManagementEnterprise RiskIf an employer asks you to pay any kind of fee, please notify us immediately. Jobaaj does not charge any fee from the applicants and we do not allow other companies also to do so.
About Company
Thomson Reuters is a global leader in providing trusted information, technology, and solutions to professionals in various industries, including legal, financial, tax and accounting, and media. With a legacy of over 160 years, Thomson Reuters delivers innovative products and services that enable professionals to make informed decisions, manage risks, and drive performance. Through Thomson Reuters Careers, individuals can explore a wide range of opportunities in areas such as journalism, data science, software engineering, and sales. Joining Thomson Reuters means becoming part of a diverse and talented team committed to delivering excellence and shaping the future of information and technology. Embark on a rewarding journey with Thomson Reuters Careers and contribute to creating a more transparent, efficient, and connected world.
Important dates & deadlines?
Application Deadline
28 Apr 26, 03:49 PM IST
Similar Jobs
View All
Don't Miss out any Updates
Subscribe now for the latest job alerts
and never miss an update
.webp){kind=logo}
Lead Vendor Cyber Risk Management Analyst
Share with
