Vendor Security Risk Assessment or Third Party, Noida, Gurugram

Job Description

Job Title: Vendor Security Assessment Engineer
Location: Gurugram
Job Summary: We are seeking a highly skilled Vendor Security Assessment Engineer to evaluate and ensure the security posture of third-party vendors, partners, and suppliers. This role involves assessing vendor compliance with security policies, industry standards, and regulatory requirements. The ideal candidate will have a strong background in cybersecurity, risk assessment and vendor management.

Key Responsibilities:

• Conduct security assessments of third-party vendors, identifying risks and recommending mitigations.
• Evaluate vendor compliance with security frameworks such as ISO 27001, NIST, SOC 2, GDPR, and other relevant regulations.
• Review penetration testing reports, cloud configuration reports, and report findings.
• Perform security due diligence and risk analysis for vendor onboarding and ongoing vendor relationships.
• Collaborate with internal teams, including procurement, legal, and IT security, to ensure security requirements are met.
• Develop and maintain security assessment questionnaires and methodologies.
• Monitor vendor security incidents and work with vendors to resolve security gaps.
• Provide recommendations for vendor risk remediation and track progress.
• Maintain documentation of security assessment results and provide regular reports to management.
• Stay up to date with emerging security threats and industry best practices.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3 to 6 years of experience in security risk assessment, vendor risk management(link removed)>
• Strong understanding of security frameworks and regulatory compliance requirements.
• Ability to analyze security policies, architecture, and controls of third-party vendors.
• Excellent communication and interpersonal skills.
• Relevant security certifications (e.g., CISSP, CISA, CISM, CRISC, or equivalent) are a plus.

Preferred Qualifications:

• Experience working in a cloud security environment (AWS, Azure, GCP).
• Familiarity with third-party risk management tools and platforms.
• Knowledge of data privacy laws and secure data handling practices.
• Experience in contract review from a security and compliance perspective.

Interested applicants with relevant experience can forward your CV to(e-mail removed)

Employement Category:Employement Type: Full timeIndustry: BPO / Call CenterRole Category: Customer Service (International)Functional Area: Not SpecifiedRole/Responsibilies: Vendor Security Risk Assessment or Third PartyContact Details:Company: HCL Technologies LtdLocation(s): Noida, Gurugram