Role: GRC Consultant
Location: Hanoi, Vietnam
Payroll: Skill Quotient Technologies
Experience: 3+ years
Duration: 1 year extendable contract
We are seeking a highly skilled and experienced Governance Risk and Compliance (GRC) professional to join our team. The successful candidate will be responsible for performing Third Party Risk Assessments (TPRM), Vendor Tiering Assessments, Issue Management, Exception Management, and Documentation and Reporting. This role involves working closely with various stakeholders to ensure the security and compliance of third-party vendors.
Objective:
Assist in performing Third Party Risk Assessments and ensuring compliance with regulatory requirements and internal policies.
Key Responsibilities:
- Conduct comprehensive risk assessments of third-party vendors to identify potential risks and vulnerabilities.
- Utilize predefined criteria and automated tools to evaluate third-party risks.
- Ensure continuous monitoring of third-party activities and compliance using advanced analytics and AI.
- Develop and implement a vendor tiering framework based on vendor classification and compliance requirements.
- Create and configure vendor tiering assessments using questionnaires and document collection templates.
- Assign vendor tiers based on assessment results and monitor assessment queues for automated rule-based assessments.
- Design and implement issue management workflows, including issue rating and remediation timelines.
- Raise issues based on assessment responses, assign ratings, and finalize remediation timelines.
- Monitor and close issues post remediation, and manage exceptions when necessary.
- Define workflows for managing exceptions and obtain approval for unresolved issues.
- Ensure proper documentation and tracking of exceptions.
- Prepare detailed reports on findings from risk assessments, including identified discrepancies and recommended remediation actions.
- Develop and maintain comprehensive master data reports for each vendor site based on assessments conducted.
- Generate and share reports on demand and monitor compliance through dashboards.
Deliverables:
- TPRM Finding Reports: Detailed reports on the findings from Third Party Risk Assessments, including identified discrepancies and recommended remediation actions.
- Vendor Site Reporting Master Data: Comprehensive master data reports for each vendor site based on the assessments conducted.
- Weekly Remediation Updates: Regular updates on the status of remediation efforts for identified discrepancies.
Required Skillsets:
- Strong knowledge of cybersecurity domains, including risk assessment, security operations, penetration testing, network deployment, and data privacy.
- Familiarity with auditing methodologies and providing solutions to risk findings.
- Proficiency in conducting security assessments and documenting results.
- Excellent communication and documentation skills.
- Ability to work collaboratively with cross-functional teams and stakeholders.
Minimum Experience:
- More than 3 years of experience in cybersecurity, including risk assessment, security operations, penetration testing, network deployment, and data privacy.
- Relevant certifications such as CISSP, CISA, ISO27001LA, CEH, OSCP, CCSP, etc.
Additional Information:
- The candidate must be willing to travel to various customer sites as required.
- The role requires a high level of attention to detail and the ability to work independently.
- The candidate should have a proactive approach to identifying and mitigating security risks.
About us:
Skill Quotient Technologies is a leading IT company specializing in Cyber Security Services, Application Testing Services, Application Solutions, Data Engineering, Process Automation, and Cloud Computing. We are ISO 27001 certified and CMMI Level 3, and we are working towards achieving CREST certifications. With a reputation for excellence, professionalism, and commitment, we deliver tangible results to our clients, ensuring fast-paced project execution and maximum return on investment.
Job Type: Contract
Application Question(s):
- What is your current salary?
- What is your notice period?
Experience:
- GRC: 2 years (Required)
- Cyber Security: 3 years (Required)