IBM Supplier Risk Assessor 

India, Karnataka, Bengaluru 

767039160

Responsibilities:

• Facilitate Supplier risk management activities leveraging internal IBM policies, procedures, tools, and resources as a management lifecycle.
• Ensure IBM Cloud stakeholders and Suppliers complete required self-assessments & questionnaires.
• Conduct risk assessments, Supplier risk analysis, Supplier criticality, and understanding of Supplier security posture.
• Identify potential attack vectors in the IBM Cloud supply chain and develop risk mitigation strategies to reduce the risk exposure to the IBM enterprise.
• Track and report Supplier criticality and risks through assessment and ongoing (continuous monitoring) activities
• Represent IBM Cloud in discussions with Cloud stakeholders, Clients and Suppliers
• Develop and implement policies and procedures to improve supplier risk management capabilities of the Supplier Management Office
• Support IBM Cloud Stakeholders and Suppliers in meeting regulatory requirements as determined by operating environments, contractual obligations, governmental organizations, and regulatory bodies globally.
• Ensure applicable requirements and regulatory compliance are documented and managed for IBM Cloud Suppliers
• Educate and advise IBM Cloud stakeholders, Clients and Suppliers on risk management strategies and promote process efficiencies through automation and tool integration.
• Act in compliance with all relevant IBM business conduct guidelines and client driven processes
• Assist in the creation of solutions that balance business requirements with IBM Cloud security requirements.
• Communicate, interact and negotiate with IBM stakeholders, Clients and Suppliers through all levels of the organization globally.

Required Technical and Professional Expertise

• Minimum of 5 years related work experience in translating IT or IT Security regulatory requirements into business requirements and at least 2 years hands-on experience with Supplier Risk Assessments.
• Proficiency in understanding IT environments, to include cloud, hosting, co-location, and enterprise
• Proven ability to lead and organize multi-disciplinary projects and initiatives in a fast-paced and deadline-oriented business environment with broad impact.
• Proven ability to pivot with agility and flexibility.
• Proven ability to define project scope, identify dependencies and resource requirements, analyze risks and define milestones and activities.
• Exceptional attentional to detail.
• Proven analytical skills to normalize supplier management requirements from numerous sources and provide guidance on tools and process to implement to maintain compliance while focused on efficiency and automation.
• Deep knowledge of NIST/FedRAMP Moderate/High and working knowledge of Regulatory requirements or Security Frameworks and Supplier Management requirements in an industry and in an IT environment is a plus.

Preferred Technical and Professional Expertise

• Maintain relevant industry certification(s) in cybersecurity and/or risk management
• Working knowledge of Cloud offerings and Services
• Bachelor’s Degree in relevant field or maintain Industry Certification (CISA, CISSP, CISM, CRSC)
• Excellent English written and verbal communication