Cybersecurity - Third Party Risk Management Specialist

Job Description

Be part of the solution at Technip Energies and embark on a one-of-a-kind journey. You will be helping to develop cutting-edge solutions to solve real-world energy problems.

We are currently seeking a  Cybersecurity - Third Party Risk Management Specialist , to join our  Cybersecurity  team based in  Noida .

About us:

Technip Energies is a global technology and engineering powerhouse. With leadership positions in LNG, hydrogen, ethylene, sustainable chemistry, and CO2 management, we are contributing to the development of critical markets such as energy, energy derivatives, decarbonization, and circularity. Our complementary business segments, Technology, Products and Services (TPS) and Project Delivery, turn innovation into scalable and industrial reality.

Through collaboration and excellence in execution, our 17,000+ employees across 34 countries are fully committed to bridging prosperity with sustainability for a world designed to last.

Global Business Services India

At Technip Energies, we are continually looking for ways to become more efficient, and ways to improve our quality, customer focus and cost competitiveness. The T. EN Global Business Services (TGBS) organization is key to executing this strategy, by standardizing our processes and centralizing our services.

Our Vision: A customer focused, cost efficient, innovative, and high performing organization that drives functional excellence.

GBS provide streamlined and consistent services to our internal customers in the domain of Finance and Accounting, Human Resources, Business Functional Support, Procurement and Legal. Our services fit our global organization and allow us to focus on business strategy and priorities. GBS also maintains continuous improvement plans to enhance our customer-oriented service culture.

About the opportunity we offer:

Due Diligence and Onboarding:
Conducting initial risk assessments on potential new vendors. This involves evaluating their security posture, reviewing their security policies and controls, and ensuring they meet the organization's minimum-security requirements before a contract is signed. This process often includes sending out detailed questionnaires and reviewing certifications like SOC 2 or ISO 27001.
Risk Assessment and Analysis: A core responsibility is performing comprehensive cybersecurity risk assessments on new and existing third parties and assigning it into a risk category (e.g., critical, high, medium, low) based on type of risk they can bring to organization. A vendor handling sensitive customer data would be a high-risk vendor, while an office supply vendor would be low risk.
Definition of requirement:
Once the risk profile is identified, security requirements and contractual clauses need to be defined and applied in partnership with procurement and business stakeholders to include such requirements within the contract or agreement.
Continuous Monitoring:
Cybersecurity threats are constantly evolving, so a one-time assessment is not enough. A key duty is performing continuous monitoring of third-party vendors to detect changes in their security posture, such as new vulnerabilities, a data breach, or a drop in their security ratings. It can be performed by analyzing third-party assurance reports (e.g. SOC 2 Type II) and/or with automated tools.
Reporting and Communication:
Preparing and presenting reports on third-party risk exposure to internal stakeholders
Responsible for defining and maintaining third parties' security policy, standards and procedures.

About you:

At least 8 years of experience in Cyber risk management and Third-Party Risk Management with the ability to identify, analyze, and quantify risks.
GRC Platforms:
Experience using Governance, Risk, and Compliance (GRC) tools to manage the TPRM lifecycle.
Regulatory Awareness:
Experience in dealing with cyber security standards and privacy regulations such as ISO
27001, NIST CSF, ISA/IEC 62433, CIS, Cyber Essentials, NIS2, GDPR and CCPA.

Experience with Oil and Gas industry is a plus.
Experience in writing policies, procedures.

Technical

Experience:

Understanding of IT and OT domains along with their differences.
Good knowledge of cybersecurity standards and best practices such as ISO
27001, ISA/IEC 62433, IEC 61850, IEC 27019, NIST CSF, CIS.
Good knowledge of Third-Party Risk Assessment Tools (e.g. Black Kite, Bit Sight, Security Scorecard, Risk Recon, or Up Guard for continuous monitoring of vendor security posture.
Familiarity with Governance, Risk & Compliance tools like Sure Cloud, Archer, Service Now GRC, or Metric Stream for tracking third-party risks.

Experience with SIG (Standardized Information Gathering) questionnaires or CAIQ (Consensus Assessments Initiative Questionnaire) from the Cloud Security Alliance.
Understanding of GDPR, CCPA, and other regional data protection laws that impact third-party engagements.
Ability to review security clauses in contracts, SLAs, and DPAs (Data Processing Agreements) to ensure alignment with internal…