Security Specialist
TATA Consultancy Services Ltd.
Milford, OH
Job posting number: #7308108 (Ref:tsc-361746)
Posted: May 9, 2025
Job Description
Must Have Technical/Functional Skills
• 3-5 years of experience in third-party security assessments, Secure SDLC, and security control validation.
• Strong knowledge of Secure Software Development Framework (SSDF) and Secure SDLC methodologies.
• Hands-on experience implementing security processes in ServiceNow UDCRM.
• Experience with security control frameworks such as NIST SSDF, ISO 27001, SOC 2, PCI DSS, and OWASP.
• Knowledge of security testing tools like SAST, DAST, SCA, CSPM, and SIEM.
• Strong analytical skills with the ability to assess security risks and implement mitigation plans.
• Security certifications such as CISSP, CSSLP, CTPRP, CISM, or CRISC.
• Experience with vendor risk management (VRM) programs and regulatory compliance.
• Familiarity with DevSecOps, container security, cloud security (AWS, Azure, GCP), and Infrastructure as Code (IaC) security.
• ServiceNow certifications (e.g., Certified Implementation Specialist – Risk and Compliance).
Roles & Responsibilities
• Develop and implement a structured Secure Software Development Framework (SSDF) for onboarding third-party vendors.
• Define and enforce security control requirements for vendors at each phase of the Secure SDLC.
• Evaluate vendors' software development practices, security policies, and risk management capabilities.
• Ensure vendors adhere to secure coding, threat modeling, and security testing (SAST, DAST, SCA).
• Collaborate with procurement, legal, and compliance teams to incorporate security standards into vendor agreements.
• Define and validate security controls required for third-party vendor engagements.
• Assess vendor compliance with industry standards such as NIST SSDF, ISO 27001, SOC 2, PCI DSS, and CIS Benchmarks.
• Work with internal security and risk teams to document and track security findings related to vendors.
• Establish continuous monitoring processes for third-party security risks.
• Configure and optimize the ServiceNow GRC module to support third-party vendor onboarding and control validation.
• Automate security control assessment workflows within ServiceNow GRC.
• Develop risk scoring mechanisms and vendor compliance tracking dashboards in ServiceNow.
• Integrate UDCRM with security tools to enable automated evidence collection and risk analysis.
• Provide training and support on ServiceNow GRC security workflows for internal teams.
Salary Range: $115,000-$125,000 a year