Job Title:  RA-CSR-EE-TPRM-Consultant-Bangalore

Job requisition ID ::  64386
Date:  Apr 2, 2024
Location:  Bengaluru
Designation:  Consultant
Entity: 

What impact will you make?

 

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential.

 

The Team

 

Deloitte helps organizations evaluate and manage the risks associated with third parties (outsourcers, licensees, alliances, suppliers), maximizing the performance of the extended enterprise and achieving strategic business objectives. It also helps clients optimize IT costs and limit the operational, financial, and legal risk related to the ownership and use of software, through both point-in-time solutions and ongoing managed service solutions.

 

Work you’ll do

 

As a part of our Risk Advisory team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll:

 

Role Description –

 

  • Lead and execute in-depth third-party risk assessments for clients, aligned with ISO 27001 (ISMS), NIST or similar information security frameworks, meticulously identifying potential vulnerabilities and threats within their vendor ecosystem.
  • Collaborate closely with clients and multidisciplinary teams, including compliance, auditing, and regulatory experts, while leveraging performance analytics and risk analytics, to design and implement tailored risk management programs that align with business objectives.
  • Conduct risk assessments and audits covering people, processes, and technology, identifying gaps, risks, opportunities, and areas for improvement within policies, procedures, and standards of the vendor ecosystem.
  • Develop and implement tailored risk mitigation strategies and action plans in collaboration with client teams, addressing specific control frameworks for third-party risk management.
  • Continuously monitor and evaluate third-party vendor performance against customized risk and compliance metrics, providing timely insights, recommendations, and documented observations.
  • Execute third-party compliance and assurance initiatives, including due diligence, on-site audits, and contractual compliance audits, following industry best practices.
  • Engage in advanced contract analytics to optimize contracts and streamline processes.
  • Document information security risks, recommendations, and compensating controls in comprehensive assessment and audit reports, focusing on risks associated with third-party relationships.
  • Deliver insightful risk assessment reports to clients' senior leadership, facilitating informed decision-making and proactive risk management.

 

Qualifications

 

  • A Bachelor's degree in Information Security, or a related field from a reputable institution. Advanced degrees and relevant certifications are highly advantageous.
  • Proven expertise in third-party risk management, vendor assessments, ISMS, or related areas, with a track record of successful client engagement and risk mitigation.
  • Deep knowledge of information security principles, Data Protection & Privacy regulations, and relevant control frameworks (e.g., ISO 27001, NIST SP 800-53, GDPR) as they pertain to third-party risk management.
  • Strong ability to liaise effectively with clients, manage stakeholder expectations, and collaborate seamlessly across departments and disciplines.
  • Excellent communication skills, both written and verbal, for articulating complex concepts and recommendations to diverse audiences.
  • Detail-oriented organizational skills, essential for managing multiple client engagements and delivering high-quality results.
  • Recognized certifications such as the Certified Third-Party Risk Professional (CTPRP), Certified Third-Party Risk Assessor (CTPRA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001, or ISO 22301 certifications are advantageous.
  • Proficiency in utilizing modern risk management tools (Example: ServiceNow, Archer, OneTrust, Coupa etc.) and platforms to enhance the efficiency and accuracy of client deliverables.

 

How you’ll grow

 

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career.