Supplier Cyber Risk Manager

Location: Bangalore, Karnataka, India
Job ID: R0024810
Date Posted: Sep 28, 2023
Segment: Green Energy & Mobility
Business Unit: Hitachi Energy
Company Name: Hitachi Energy Ltd
Profession (Job Category): IT, Telecom & Internet
Job Type (Experience Level): Management
Job Schedule: Full time
Remote: No


Supplier Cyber Risk Management (SCRM) Program

Job Title: Supplier Cyber Risk Manager

What You will Do:

  • Support the implementation of the SCRM governance and operating model, SCRM policy and standards, Cybersecurity Standard - Supplier (CS-S), pre-deviation, including ongoing maintenance and updates
  • Update SCRM program documentation based on changing risks, stakeholders’ feedback, & regulatory changes
  • Define the assessment lifecycle, assessment type & frequency, and assessment schedule; raise risks and issues; and perform SCRM risk reporting
  • Operationalize the SCRM processes throughout the supplier lifecycle, from onboarding, contracting and continuous monitoring to offboarding, across the HE organization
  • Manage the assessment demand with support from the SCRM Service Lead and assessor pool
  • Identify and monitor staffing opportunities required to support the supplier cyber risk assessment volume
  • Provide advice to the business stakeholders to complete cyber questionnaires for HE Suppliers
  • Drive remediation of internal audit findings from ISO27001 and report to SCRM Program Manager
  • Build, support and assist supplier incident management cases
  • Support training and education of the various stakeholders within the organization on the SCRM process to facilitate efficient engagement delivery
  • Monitor the progress of the assessment program and report any potential risks and delays to the assessment delivery


  • Bachelor’s/ Master’s degree in information technology or related field


  • Overall, 6 to 8 years of relevant experience in information security with at least 3 years of project management experience on mid-to-high complexity projects
  • ISO 27001/ CISM/ CISA (or equivalent) certified, preferred to have CISSP
  • Project Management Professional (PMP) or equivalent certification preferred
  • Deep understanding of information security and risk frameworks/standards
  • Demonstrate knowledge of key risk areas such as compliance and regulatory risk, and one or more of the following domains:
    • Security Policies, Standards and Procedures
    • Application Management
    • Identity and Access Management
    • Supplier Risk Management
    • Incident Response
    • Privacy and Data Protection
    • Cloud Security
    • Business Continuity and Disaster Recovery
  • Demonstrate an understanding of market trends and competitor activities within the SCRM domain
  • Excellent stakeholder management along with interpersonal, verbal and written communication skills