Job Title: Manager – Third Party Risk Management (TPRM)
Location: Bangalore
Experience: 6+ Years
Department: Information Risk Management / Information Security
About the Role:
We are seeking an experienced TPRM Manager to lead and enhance our Third-Party Risk Management framework. The ideal candidate will have a strong background in Information Risk Management (IRM), Information Security (InfoSec), and vendor risk assessment, with the ability to evaluate and mitigate risks associated with third-party engagements across business functions.
Key Responsibilities:
- Lead end-to-end Third Party Risk Management lifecycle including onboarding, due diligence, assessment, monitoring, and offboarding.
- Perform detailed risk assessments of vendors based on defined risk criteria, including Information Security, Privacy, and Regulatory requirements.
- Collaborate with internal stakeholders (Procurement, Legal, Compliance, IT Security) to ensure adherence to enterprise risk standards.
- Identify and assess information security and operational risks associated with third parties and recommend appropriate mitigation actions.
- Develop and maintain the TPRM framework, policies, and risk assessment methodologies in line with industry best practices (ISO 27001, NIST, etc.).
- Review vendor SOC reports, ISO certifications, penetration test results, and other assurance documents to validate control effectiveness.
- Track, monitor, and report on vendor risks, remediation progress, and performance metrics to senior management.
- Support internal and external audits related to TPRM, IRM, and InfoSec programs.
- Drive continuous improvement initiatives in the TPRM process using automation and data analytics where possible.
Required Skills & Experience:
- 6+ years of experience in Third Party Risk Management, Information Risk Management, or Information Security.
- Strong understanding of risk assessment frameworks (ISO 27001, NIST, COBIT, CSA, etc.).
- Hands-on experience in conducting vendor security assessments, control testing, and remediation follow-ups.
- Working knowledge of data protection, cybersecurity principles, and compliance standards (GDPR, RBI, SEBI, etc.).
- Excellent analytical, communication, and stakeholder management skills.
- Experience in using TPRM tools or GRC platforms is an advantage (e.g., Archer, ServiceNow, OneTrust, MetricStream).
Preferred Certifications:
- ISO 27001 Lead Auditor / Implementer
- CISA / CISM / CRISC / CISSP (preferred)
- Any Third-Party Risk or Vendor Risk certification will be an added advantage
Key Attributes:
- Strong problem-solving and decision-making skills
- Ability to work independently and in cross-functional teams
- Excellent stakeholder and vendor management capability
- Attention to detail with a focus on compliance and risk mitigation