Save Job
Posted 4mo ago

Associate, Security Governance, Risk and Compliance- Global Capability Center

@ Alvarez & Marsal
Gurugram, Haryana, India
OnsiteFull Time
Responsibilities:Managing risks, Completing questionnaires, Reviewing contracts
Requirements Summary:Bachelor’s in Information Security or related; 3-5 years in GRC/security; vendor risk, client questionnaires; knowledge of ISO/NIST; certifications CRISC/CISSP/CISM/CTPRP; strong communication.
Technical Tools Mentioned:GRC platforms, Vendor risk management tools
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Description

About Alvarez & Marsal 
Alvarez & Marsal (A&M) is a global consulting firm with over 10,000 entrepreneurial, action and results-oriented professionals in over 40 countries. We take a hands-on approach to solving our clients' problems and assisting them in reaching their potential. Our culture celebrates independent thinkers and doers who positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity - are why our people love working at A&M. 
 
The Team 
The GRC Associate will play a critical role in managing and enhancing our third-party risk management program. This position will align to the team responsibilities of assessing, monitoring, and mitigating risks associated with third-party vendors, ensuring compliance with regulatory requirements and internal security policies. This role will be focused on supporting client questionnaires, audit requests, third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk.The successful candidate requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm.
 
How you will contribute
1. Third Party Risk Management:
  • Identify vendor risks for assessment against A&M risk appetite and submit risks into risk management platform.
  • Maintain oversight of risk treatment and incorporate updates into monthly reports.
  • Produce and deliver comprehensive due diligence/risk assessments of vendors.
  • Contribute to process improvements and development of vendor risk assessment frameworks and questionnaires.
  • Execute vendor assessments within defined SLA’s utilizing GRC platforms and tools in line with A&M GRC vendor assessment process.
  • Maintain, monitor and follow through on vendor performance alerts by actively managing remediation and delivering monthly posture reviews.
  • Documentation and monitoring of approved vendor assessment scope and conditional approval statement to retain compliance.
2. Client Security Questionnaires:
  • Manage and complete client security questionnaires and assessments within defined SLA’s utilizing platforms in line with A&M GRC client security assessment processes.
  • Collaborate with internal teams (Privacy, Legal, IT) to gather accurate and comprehensive responses.
  • Support and contribute to process improvements and continuous maintenance of question and response database.
3. Contract Reviews:
  • Evaluate security terms in contracts to mitigate risks associated with client and vendor engagements, within defined SLA’s.
  • Work with legal, privacy and business teams to ensure that contractual obligations align with the organization’s security policies and compliance requirements.

4. Risk Reporting & Communication:
  • Communicate identified risks and remediation strategies to both technical and non-technical stakeholders.
  • Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities.

5. Continuous Improvement: Suggest and implement process improvements, including use of Artificial Intelligence and automation.
Qualifications 
  • Bachelor's degree in Information Security, Risk Management, Business, or related field
  • Industry recognized certification in security (e.g., CRISC (Certified in Risk and Information Systems Control), CTPRP (Certified Third-Party Risk Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
  • 3-5 years of experience in GRC, third-party risk management, or information security.
  • Experience in conducting vendor risk assessments and audits.
  • Experience in managing and completing client security questionnaires
  • Experience in reviewing and advising on security clauses in legal contracts
  • Familiarity with third-party risk management tools and platforms
  • Knowledge of information security regulatory requirements
  • Good understanding of security frameworks such as ISO 27001, NIST, etc.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication and interpersonal skills.
  • Ability to translate security risks to business accessible language and format.
  • Ability to work collaboratively with cross-functional teams.
  • Detail-oriented with the ability to prioritize, and manage multiple tasks simultaneously.

Your journey at A&M 
We recognize that our people are the driving force behind our success, which is why we prioritize an employee experience that fosters each person’s unique professional and personal development. Our robust performance development process promotes continuous learning, rewards your contributions, and fosters a culture of meritocracy. With top-notch training and on-the-job learning opportunities, you can acquire new skills and advance your career.  We prioritize your well-being, providing benefits and resources to support you on your personal journey. Our people consistently highlight the growth opportunities, our unique, entrepreneurial culture, and the fun we have together as their favorite aspects of working at A&M. The possibilities are endless for high-performing and passionate professionals.