Supplier Security Risk Management (SSRM) Risk Assessor Lead

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role At Kyndryl, our Security Consultants are game-changers, constantly pushing the boundaries of what's possible and transforming the way our customers do business. We're looking for a talented individual who thrives in a dynamic environment and is ready to take on the challenge of protecting organizations from threats both known and unknown – being the defender of tomorrow’s digital world. As a Security Consultant, you'll be the guardian of confidentiality, integrity, and availability, ensuring organizations are shielded from the ever-evolving threat landscape. Your expertise will be sought after as you assess, analyze, and implement effective security measures in customer environments, leaving no stone unturned when it comes to safeguarding their most sensitive data. Collaboration will be your forte, as you work closely with clients to understand their unique security requirements and assess their current security posture. Armed with this knowledge, you'll provide expert guidance and recommendations on the best security practices, risk management strategies, and robust security policies that will fortify their defenses. You won't stop at providing advice; you'll roll up your sleeves and get hands-on. Designing and implementing security controls, policies, and procedures will be your playground. You'll work alongside cross-functional teams to deploy state-of-the-art technologies, including firewalls, intrusion detection/prevention systems, access controls, and encryption technologies, ensuring a comprehensive security framework. The thrill of uncovering vulnerabilities and risks is what motivates you. Armed with your extensive knowledge, you'll conduct thorough security assessments, leaving no stone unturned in identifying potential security breaches. Your findings will serve as the foundation for meticulous security audits and reviews, ensuring adherence to policies and procedures. Your reports and findings will be the catalyst for management decisions and actions. In the fast-paced world of cybersecurity, staying ahead of the game is crucial. That's why you'll continuously immerse yourself in the latest security threats, technologies, and best practices. Your recommendations will drive enhancements to the organization's security posture, ensuring it remains at the cutting edge of defense. Your influence won't be limited to systems alone. You'll lend your expertise to the design and review of IT infrastructure, systems, and applications, ensuring they are secure by design from inception. Not only will you make an impact within our organization, but you'll also collaborate with customers and vendors on security assessments, audits, and due diligence activities. Your knowledge and experience will be instrumental in shaping secure collaborations and partnerships. Our consultants are restless for innovation. They are at the edge of technology, changing the way our customers implement business solutions – so, if you’re a problem-solver, an innovative thinker, and a self-starter with a passion high impact assignments which align technology to business outcomes, then we want to hear from you! Apply today to join our team that has a host of exciting projects and customers waiting for you to work with them to solve complex transformation puzzles through technology. Your Future at Kyndryl As a Security Consultant at Kyndryl you will join the Kyndryl Consultant Profession, working with other Kyndryl Consultants, Architects, Project Managers, and cross-functional Technical Subject Matter Experts – presenting unlimited opportunities with unmatched support through our investment in your learning, training, and career growth Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. \ Supplier Security Risk Management (SSRM) Risk Assessor Lead Your Role and Responsibilities Preferred location: Non-US, India and US KYNDRYL Chief Information Security Office (CISO) is a global function responsible for keeping enterprise safe from cyberthreats and responsible for developing and implementing enterprise-wide security programs. Supplier security risk management function is part of CISO’s enterprise wide program that manages cybersecurity risks of supplier engagements. The scope of the program covers all applicable suppliers across the organization. The objective of the program is to govern security practices across the organization for engaging third party products/ services, assess the threat of third parties to KYNDRYL assets and network, mitigate key risk areas and continuously monitor high risk segments of suppliers. Suppliers are integral part of the organization, and many key services and products are dependent on these third party services. KYNDRYL’s continuous transformation in new technology areas brings new suppliers with new technology or new working model as a result bringing new risks to KYNDRYL environment. The candidate will be responsible to lead supplier security review program and execute the program from India. The candidate will develop and implement an automated solution to assess security capabilities of thousands of supplier products and services. The candidate will be leading a group of risk assessors in this role. Candidate with technical expertise in leading technologies such as Cloud, Kubernetes, Containers, Application Architecture or Networking technologies or Remote Access technologies is an added advantage. Candidates’ expertise in these areas will aid risk assessment of emerging suppliers with products and solutions based on these technological areas. This is not a compliance or audit function. On the other hand, this is not a security testing function. Position must be based in US, India and Non-US Job Responsibilities: Develop supplier security review program using standard security questionnaires and third party vendor risk management tool Test and deploy the program for a group of suppliers and expand the program to scale thousands of suppliers Onboard and train new team members on the program Conduct security review of third-party products/ services to assess the security capabilities and risks to KYNDRYL / Customer data, KYNDRYL network and KYNDRYL products/ offerings Identify areas of improvement, analyze and provide appropriate recommendations for mitigation of the risk Working with the appropriate business users and experts, ensure that for any identified risk that require mitigating action, including vendor disengagement/replacement, a plan is developed and executed. Monitor and drive mitigation actions. Partner and coordinate closely with internal stakeholders (i.e. Business units, Business Unit Information Security executives, BISOs, Procurement, Internal Audit, Legal, etc.) to facilitate and assess third party relationships. Clearly articulate the risk areas and required mitigation action to senior management of Business units, CISO and cross-functional teams Act as a subject matter expert to assist the business in identifying and mitigating risks on their supplier relationships. Ensure appropriate security terms are included in supplier contracts Hands on experience in GRC tools: OneTrust Required Skills: Masters or Bachelors (BA/BS) degree in Computer Science, Information Security, Information Technology or equivalent experience Overall 7-10 years of experience in IT or information security domain Minimum 5 years of experience managing IT, information security or risk management teams Experience evaluating third party security controls and status Risk management experience – assessment of large complex problem areas, prioritization of risk and risk mitigation analysis and plan Minimum 5 years of experience in one of the following: Experience in security architecture and solutioning Experience in application security management Experience running vulnerability scans or management Experience in Security Operations Center (SOC) Experience in managing network security Experience in security technologies such as Identity & Access Management, encryption, DLP, GRC etc. Minimum 2 years of experience in one of the following: Cloud application development, including working with Kubernetes, containers, dockers Cloud infrastructure management – management of Kubernetes, containers, cloud databases and applications Experience in development, deployment or maintenance of secure application development Experience in development, deployment or maintenance of IoT and open source applications and infrastructure Desired Skills: Experience evaluating third party security controls and status Experience conducting risk assessment of problem areas Risk management experience – assessment, prioritization and remediation Familiarity with SOC 2 Type 2 audits ISO 27001 implementation knowledge NIST 800-53 implementation experience Preferred Certifications CISSP CISA CRISC Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contacts Kyndryl email address. We’re glad you’re here. Take a look around at the many exciting career opportunities we have available and apply today! Can’t find a suitable job opening? Drop off your CV/Resume Drop off your CV/Resume and a Recruiter will reach out with related career information that match your experience and expertise. Sign up for Job Alerts Create your account and then sign up for job alerts. When new jobs become available that meet your criteria, you’ll be alerted right away! At Kyndryl, curiosity is at the core of innovation. It fuels the most vital need inside us—the need to progress. To be a Kyndryl means standing up for Progress and going all in, fully committing to our customers and their progress. As we grow, our curiosity opens new worlds, new ways of thinking and solving problems. It helps us in our career and to find joy in our work. What sparks your curiosity?