**Project** Description**:Luxoft DXC Technology Company is an established company focusing on consulting and implementation of complex projects in the financial industry.
At the interface between technology and business, we convince with our know-how, well-founded methodology and pleasure in success.
As a reliable partner to our renowned customers, we support them in planning, designing and implementing the desired innovations.
Together with the customer, we deliver top performance!For one of our Client in the Insurance Segment, we are searching for a 3rd Party Risk Management SME.
**Responsibilities**:- Independently conduct third party vendor audits and assessments.
Support key reporting activities associated with the function.- Contribute to governance and facilitate remediation recommendations of related risks, deficiencies, gaps or issues.- Advise with identifying compensating control alternatives where compliance requirements cannot be met.- Influence vendors and business partners to ensure compliance with the organization's risk management policies- Collaborate with key stakeholders in IT and the Business to understand requirements, scope of services provided by vendors and explain risks if identified any.- Function as a Subject Matter Expert in several IT Risk domains (e.G.
Access Control, Change Management, Cryptography, Network Security etc.)
on IT internal controls, including risk assessments and analysis.- Meet with leadership and management to discuss identified issues and partner closely with IT and the business on remediation activities- Partner with Legal and Procurement functions to successfully include security terms in the agreements.
Review and negotiate redlines on the security clauses from vendors.
**Skills**:Must have- 5-8 years of experience in third party risk management- Experienced in review of SSAE18, SOC 2, HITRUST, SIG, CAIQ reports, PCI-DSS reports- Should be able to independently conduct third party vendor audits and assessments.
Support key reporting activities associated with the function.Nice to have- Professional Certificates such as CISSP, CISA, ISO 27001 Lead Auditor etc.
**Languages**:English: C1 Advanced**Seniority**:Senior**Relocation package**:If needed, we can help you with relocation process.Vacancy SpecializationOther ConsultingRef NumberVR-94685