IT ANALYST

This range is provided by Tata Consultancy Services. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$/yr - $/yr

• Develop and implement a structured Secure Software Development Framework (SSDF) for onboarding third-party vendors.
• Define and enforce security control requirements for vendors at each phase of the Secure SDLC.
• Evaluate vendors' software development practices, security policies, and risk management capabilities.
• Ensure vendors adhere to secure coding, threat modeling, and security testing (SAST, DAST, SCA).
• Collaborate with procurement, legal, and compliance teams to incorporate security standards into vendor agreements.
• Define and validate security controls required for third-party vendor engagements.
• Assess vendor compliance with industry standards such as NIST SSDF, ISO 27001, SOC 2, PCI DSS, and CIS Benchmarks.
• Work with internal security and risk teams to document and track security findings related to vendors.
• Establish continuous monitoring processes for third-party security risks.
• Configure and optimize the Service Now GRC module to support third-party vendor onboarding and control validation.
• Automate security control assessment workflows within Service Now GRC.
• Develop risk scoring mechanisms and vendor compliance tracking dashboards in Service Now.
• Integrate UDCRM with security tools to enable automated evidence collection and risk analysis.
• Provide training and support on Service Now GRC security workflows for internal teams.

• 3-5 years of experience in third-party security assessments, Secure SDLC, and security control validation.
• Strong knowledge of Secure Software Development Framework (SSDF) and Secure SDLC methodologies.
• Hands-on experience implementing security processes in Service Now UDCRM.
• Experience with security control frameworks such as NIST SSDF, ISO 27001, SOC 2, PCI DSS, and OWASP.
• Knowledge of security testing tools like SAST, DAST, SCA, CSPM, and SIEM.
• Strong analytical skills with the ability to assess security risks and implement mitigation plans.
• Security certifications such as CISSP, CSSLP, CTPRP, CISM, or CRISC.
• Experience with vendor risk management (VRM) programs and regulatory compliance.
• Familiarity with Dev Sec Ops , container security, cloud security (AWS, Azure, GCP), and Infrastructure as Code.
• Service Now certifications (e.g., Certified Implementation Specialist – Risk and Compliance).

Salary Range: $115,000-$125,000 a year

Mid-Senior level

Full-time

Information Technology

IT Services and IT Consulting

Referrals increase your chances of interviewing at Tata Consultancy Services by 2x