Job Title: Deputy Manager / Manager – Third-Party Risk Management (TPRM)
Location: Pune
Experience: 5+ Years
Department: Information Risk Management / Cybersecurity
Employment Type: Full-time
About the Role:
We are looking for an experienced and driven Third-Party Risk Management (TPRM) professional to lead and manage end-to-end vendor risk assessments for global clients. The ideal candidate will have strong expertise in risk assessment, control testing, vendor governance, and regulatory compliance within the IT Risk & Cybersecurity domain.
As a Deputy Manager / Manager, you will oversee assessment delivery, manage client relationships, and contribute to the enhancement of TPRM frameworks and methodologies.
Key Responsibilities:
- Lead and manage third-party risk assessments across cybersecurity, privacy, compliance, and operational domains.
- Evaluate vendor controls against frameworks such as ISO 27001, NIST, SOC 2, GDPR, and industry-specific regulations.
- Design and enhance vendor due diligence and onboarding processes, ensuring alignment with enterprise risk policies.
- Coordinate with internal stakeholders, procurement, and vendor teams to track risk mitigation and remediation plans.
- Review vendor responses, identify control gaps, and provide actionable recommendations to mitigate risks.
- Prepare risk reports, dashboards, and executive summaries for senior leadership and clients.
- Manage a small team of analysts, providing training, mentoring, and performance feedback.
- Contribute to continuous improvement of TPRM methodologies, tools, and automation initiatives.
Required Skills & Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or a related field.
- 5+ years of relevant experience in TPRM, vendor risk assessment, or IT Risk & Compliance.
- Strong understanding of information security controls, risk frameworks, and control testing methodologies.
- Exposure to TPRM platforms (e.g., Archer, ProcessUnity, OneTrust, ServiceNow VRM, MetricStream) is highly desirable.
- Excellent stakeholder management, communication, and report-writing skills.
- Certifications such as CISA, ISO 27001 LA, CRISC, CISSP, or CISM are preferred.
Preferred Attributes:
- Proven ability to manage multiple assessments and deadlines.
- Analytical mindset with attention to detail and accuracy.
- Ability to work effectively with global clients and cross-functional teams.
- Strong leadership and mentoring skills.