Job Title: Cybersecurity Risk Assessment Analyst (Third-Party Risk Assessment)

Location: [Bangalore]

Job Type: [Full-Time]

Department: Information Security / Risk Management

Level : 3

Job Description:

We are seeking a detail-oriented Cybersecurity Risk Assessment Analyst to join our team. This role will focus on evaluating the cybersecurity risks associated with third-party vendor. The ideal candidate will have a strong background in information security, risk management, and compliance standards, with the ability to assess and mitigate risks associated with third-party relationships.

Key Responsibilities:

1. Third-Party Risk Assessments:

o Conduct comprehensive risk assessments of third-party vendors to evaluate their cybersecurity posture, compliance with relevant regulations, and alignment with company policies.

o Create and maintain a third-party risk assessment framework that aligns with industry standards and regulatory requirements.

2. Risk Identification and Analysis:

o Identify potential risks introduced by third-party vendors, including data breaches, compliance failures, and operational disruptions.

o Analyze both qualitative and quantitative risk metrics to assess the potential impact and likelihood of third-party risks.

3. Documentation and Reporting:

o Prepare detailed risk assessment reports documenting findings, recommendations, and remediation plans.

o Present risk assessment results to stakeholders, including senior management and relevant business units.

4. Collaboration and Advisement:

o Work closely with procurement, legal, and compliance teams to ensure that third-party contracts include appropriate cybersecurity provisions.

o Advise business units on risk mitigation strategies and best practices for managing third-party relationships.

5. Continuous Monitoring:

o Establish processes for continuous monitoring and reassessment of third-party risks, ensuring that changing circumstances are duly evaluated.

o Track remediation efforts and verify the implementation of recommended cybersecurity practices by third-party vendors.

6. Vendor Evaluation and Management:

o Assist in the selection and evaluation of new vendors by conducting cybersecurity due diligence.

o Maintain a comprehensive inventory of third-party vendors and their associated risk profiles.

7. Policy and Procedure Development:

o Contribute to the development, implementation, and maintenance of third-party risk management policies and procedures.

o Stay informed about industry trends, regulatory changes, and emerging threats related to third-party risk.

Qualifications:

 Bachelor’s degree in information security, Cybersecurity, Computer Science, Risk Management, or a related field.

 2-3 years of experience in cybersecurity, risk management, or compliance, with a focus on third-party risk assessments.

 Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001, CIS) and relevant regulations (e.g., GDPR, HIPAA, PCI-DSS).

 Strong analytical skills with the ability to assess complex information and provide actionable recommendations.

 Excellent verbal and written communication skills, with experience presenting to diverse audiences.

 Certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Risk Management Professional (CRMP) are a plus.

Preferred Skills:

 Experience with risk assessment tools and methodologies.

 Knowledge of risk management software solutions.

About Mphasis

Mphasis applies next-generation technology to help enterprises transform businesses globally. Customer centricity is foundational to Mphasis and is reflected in the Mphasis’ Front2Back™ Transformation approach. Front2Back™ uses the exponential power of cloud and cognitive to provide hyper-personalized (C=X2C2TM=1) digital experience to clients and their end customers. Mphasis’ Service Transformation approach helps ‘shrink the core’ through the application of digital technologies across legacy environments within an enterprise, enabling businesses to stay ahead in a changing world. Mphasis’ core reference architectures and tools, speed and innovation with domain expertise and specialization are key to building strong relationships with marquee clients.