Job role: TPRM (Third Party Risk Management) consultant
Location: Calgary
Job description:
Skills and Experience
1. Security professional with at least 7-8 years of progressive, responsible, and diversified experience in Information security consulting, Third-Party risk management and auditing
2. Has a Bachelor’s degree in computer science, information systems or equivalent
3. Certified in industry accepted certifications such as CISA, CISM, CISSP, CRISC
4. GRC professional with good understanding of industry frameworks and standards
- In-depth experience on Third-Party Risk Management
- Evaluating third parties' cybersecurity controls and ensuring they comply with the organization's standards and industry best practices
- Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis
- Articulate risks and potential options for remediation or compensating controls
- Understand inherent risk assessment
- In-depth understanding of the review process for current system security measures, performing security assessments to identify security gaps
- Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility
- In-depth understanding of GDPR, LGPD and other privacy requirements
- Knowledgeable in various regulations like SOX, HIPAA, GDPR, GLBA, FISMA and standards like PCI DSS, SOC (service organization’s controls), ISO 31000
- Strong business and communication skills
- Experience in driving meetings with stakeholders
- Provide advisory and consulting to client on new trends and challenges in enterprise risk management area
- Experience in design and development of information security policies, standards, and guidelines
- Experience with SIG (Shared Assessments), ISO 27001, NIST framework, SOC 1, SOC 2 and HIPAA
- Has sound experience around implementation of security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances customer business objectives
- Design / modify Contract security language / security clauses
- Co-ordinate and negotiate security clauses with Procurement team and Supplier
- Experience on GRC platforms
- Work with the client & technical teams for change request on any risk or control implementation as well as governance process
- Participate in internal and external regulatory and IT security audits
- Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security.
--
Shailendra Rajak
Raas infotek corporation
262 Chapman road, Suite 105A, Newark, DE-19702
Phone no. 302-565-0220, Ext. 145
Email id: shailendra.rajak@raasinfotek.com
LinkedIn: linkedin.com/in/shailendra-r-9904ba27b