Job description 

What success looks like in this role:

Purpose:

In order to lead the Third-Party Risk Management, Unisys is looking for suitable candidature within the CSIO organization to be responsible for managing TPRM program with thorough understanding of the process and performing vendor evaluation. The candidate will also be required to prepare and/or review dashboards, report metrics and provide updates within the group and to the Leadership as per defined periodicity.

Key Responsibilities:

Third Party Risk Management (TPRM)

Lead the existing TPRM program in context to Unisys as an organization and the maintain the relationship between CIT, CISO, Data Privacy Office and global Procurement organization.

• Continuous improvement of the TPRM program to support integration to Security Rating tools (BitSight or equivalent) to have a robust Continuous Monitoring program of the vendor base.
• Ability to comprehend vendor services and contextualize the same against vendor classification or risk tiering.
• Perform and supervise day-to-day actions which will include, but not limited to, review risk tiering/classification, create and send questionnaire based on level of due-diligence, evaluate vendor responses, seek additional information from vendors, issue creation and review remediation plans, provide outcome against decision-matrix.
• Analyze responses relating to data privacy, information security, business continuity, fourth party and subcontracting, cloud security and raise escalations where needed to the Business Unit or Procurement teams as the case may be.
• Lead the function with research and designated TPRM related project assignments, process improvements and automation opportunities.
• Provide weekly and monthly metrics and be able to produce dashboards and reports for team and Leadership consumption.
• Support the internal audit team towards validation checks, perform remote or on-site vendor assessments and assist with external audit requirements around TPRM.
• Perform the role of TPRM Case Manager for high-risk vendors to provide oversight and end-to-end liaison between fellow members and analysts towards timely closure and/or escalation for vendor evaluation.

#LI-SP2

You will be successful in this role if you have:

Experience

• The candidate should have 12-15 years of work experience with at least 8-10 years in the relevant domain of leading the TPRM program and hands-on experience in vendor evaluation/vendor risk assessment.
• Should have good understanding of vendor risk management solutions in the market and tools including Security Rating Solutions and Security Exchange (BitSight or equivalent)

Qualifications and Certifications

• A Bachelor’s Degree in Engineering from a reputed institute. MTech or MBA will be an added advantage
• Excellent verbal and written communication skills
• Ability to communicate with Senior stakeholders and conduct governance meetings independently.
• Have knowledge of technical domains such as Windows, Unix/Linux, Database, Network, Backup and Storage, Application, Cloud platforms, licensing software
• Understanding of Data Privacy controls, GDPR, Privacy Shield, governing laws and regulations
• CISSP/CISA and CTPRP is a must
• Certified as a Lead auditor/implementer for ISO/IEC 27001 is a must
• Knowledge of other certifications PCI DSS, NIST 800-53, CIS Benchmarks, ISO 22301 is preferable.
• Cloud certification CCSP or equivalent is preferable
• Working knowledge of MS-Project, Power BI tools