Security Supply Chain Risk Management Specialist

Job ID: 36648

Job Location: Bangalore / Gurugram, IN

Job Level- S2 Core

Employment Type- Full Time

Why we need this role

We are seeking a Security Supply Chain Risk Management Specialist to join our Security Governance, Risk and Compliance (GRC) team. This role is responsible for identifying, assessing, managing, and monitoring security and ICT risks arising from third-party suppliers, outsourcing arrangements, and subcontractors across the full vendor lifecycle.

The position plays a critical role in ensuring compliance with DORA, NIS2, ISO/IEC 27001, and related regulatory and contractual obligations, while strengthening the overall digital and operational resilience of the organization.

Join us and you will be part of a fast-growing community of like-minded experts who will grow and learn alongside you throughout your career.

What you will do

Third-Party Security Risk Management

  • Design, operate, and continuously improve the security supply chain risk management framework
  • Perform security risk assessments and due diligence of ICT suppliers, cloud providers, SaaS vendors, and critical service providers
  • Classify suppliers based on criticality, data access, service dependency, and systemic risk
  • Identify and track concentration risk, single points of failure, and exit complexity
Regulatory & Framework Alignment

  • Ensure third-party security controls and processes align with:
    • DORA (ICT third-party risk management requirements)
    • NIS2 supply chain security obligations
    • ISO/IEC 27001:2022 Annex A (supplier and ICT supply chain controls)

Supplier Lifecycle & Contractual Controls

  • Define and enforce security requirements for supplier onboarding, including:
    • Minimum security baselines
    • Evidence expectations (ISO certifications, SOC reports, penetration test summaries, etc.)
  • Review and contribute to security-related contractual clauses, including:
    • Audit and access rights
    • Incident notification timelines
    • Sub-outsourcing controls
    • Exit, portability, and business continuity provisions
  • Support secure offboarding and exit strategies for ICT providers

Continuous Monitoring & Assurance

  • Establish and maintain ongoing monitoring of supplier security posture
  • Track remediation plans, risk acceptances, and exceptions
  • Coordinate periodic reassessments of critical and high-risk suppliers
  • Maintain accurate supplier risk documentation and registers

Reporting & Stakeholder Engagement

  • Provide risk reporting and insights to security leadership and management
  • Support internal awareness on supply chain risk trends and emerging threats
  • Engage constructively with suppliers to drive risk reduction and security maturity

What we're looking for

Must haves:

  • Proven experience (typically 5+ years) in:
    • Third-party risk management
    • Information security risk management
    • Technology, cloud, or outsourcing risk
  • Strong understanding of ICT and cybersecurity risk concepts
  • Supplier and outsourcing models
  • Practical familiarity with ISO/IEC 27001 and supplier-related controls
  • Experience working with risk assessments, control frameworks, and remediation tracking
  • Strong analytical and risk-based thinking
  • Ability to translate regulatory requirements into actionable controls
  • Confident communication with technical, legal, and business stakeholders
  • Structured, detail-oriented, and audit-ready mindset
  • Pragmatic approach to balancing security, compliance, and business needs
