Security Supply Chain Risk Management Specialist
Bangalore, IN
Job ID: 36648
Job Location- Bangalore/Gurugram
Job Level- S2 Core
Employment Type- Full Time
Why we need this role
We are seeking a Security Supply Chain Risk Management Specialist to join our Security Governance, Risk and Compliance (GRC) team. This role is responsible for identifying, assessing, managing, and monitoring security and ICT risks arising from third‑party suppliers, outsourcing arrangements, and sub‑contractors across the full vendor lifecycle.
The position plays a critical role in ensuring compliance with DORA, NIS2, ISO/IEC 27001, and related regulatory and contractual obligations, while strengthening the overall digital and operational resilience of the organization.
Join us and you will be part of a fast-growing community of like-minded experts to grow and learn alongside you in your career.
What you will do
Third‑Party Security Risk Management
- Design, operate, and continuously improve the security supply chain risk management framework
- Perform security risk assessments and due diligence of ICT suppliers, cloud providers, SaaS vendors, and critical service providers
- Classify suppliers based on criticality, data access, service dependency, and systemic risk
- Identify and track concentration risk, single points of failure, and exit complexity
Regulatory & Framework Alignment
- Ensure third‑party security controls and processes align with:
  - DORA (ICT third‑party risk management requirements)
  - NIS2 supply chain security obligations
  - ISO/IEC 27001:2022 Annex A (supplier and ICT supply chain controls)
Supplier Lifecycle & Contractual Controls
- Define and enforce security requirements for supplier onboarding, including:
  - Minimum security baselines
  - Evidence expectations (ISO certifications, SOC reports, penetration test summaries, etc.)
- Review and contribute to security‑related contractual clauses, including:
  - Audit and access rights
  - Incident notification timelines
  - Sub‑outsourcing controls
  - Exit, portability, and business continuity provisions
- Support secure offboarding and exit strategies for ICT providers
Continuous Monitoring & Assurance
- Establish and maintain ongoing monitoring of supplier security posture
- Track remediation plans, risk acceptances, and exceptions
- Coordinate periodic reassessments of critical and high‑risk suppliers
- Maintain accurate supplier risk documentation and registers
Reporting & Stakeholder Engagement
- Provide risk reporting and insights to security leadership and management
- Support internal awareness on supply chain risk trends and emerging threats
- Engage constructively with suppliers to drive risk reduction and security maturity
What we're looking for
Must haves:
- Proven experience (typically 5+ years) in:
  - Third‑party risk management
  - Information security risk management
  - Technology, cloud, or outsourcing risk
- Strong understanding of ICT and cybersecurity risk concepts
- Strong understanding of supplier and outsourcing models
- Practical familiarity with ISO/IEC 27001 and supplier‑related controls
- Experience working with risk assessments, control frameworks, and remediation tracking
- Strong analytical and risk‑based thinking
- Ability to translate regulatory requirements into actionable controls
- Confident communication with technical, legal, and business stakeholders
- Structured, detail‑oriented, and audit‑ready mindset
- Pragmatic approach to balancing security, compliance, and business needs