Job Title : Sr. Manager- Third-party Risk
Experience : 15-20 Years
Location : Bangalore
Work Mode : WFO
Notice Period : Immediate joiner to 15 days
Primary Skills : TPRM, Supply Chain Risk Assessments, Risk Assessment, ISO 27001, NIST CSF
Education Qualification : Any Computer Science / Engineering degree
Roles and Responsibilities :
- Design and enhance the third-party risk management framework and establish risk appetite guidelines.
- Conduct and oversee third-party risk assessments, business impact analyses, and security control evaluations within OneTrust.
- Develop and maintain a third-party risk register, ensuring accurate tracking and remediation of risks.
- Lead remediation efforts for supply chain security gaps and facilitate creation of CUECs (Complementary User Entity Controls).
- Review supplier MSAs / security terms and collaborate with Legal to address risk concerns.
- Ensure compliance with firm security policies and evolving regulatory requirements.
- Establish and manage risk reporting and escalation processes.
- Stay current with emerging threats, industry frameworks, and relevant legislation.
- Act as liaison between internal stakeholders and external vendors on critical security issues.
- Create and present risk dashboards, reports, and executive summaries for leadership.
- Contribute to development of scalable risk management models and automation tools.
- Drive stakeholder engagement, incorporate feedback, and promote risk program adoption across the enterprise.
Qualifications & Required Experience :
- Extensive experience in third-party risk management, security assessments, audits, and control implementations.
- Strong working knowledge of industry frameworks and standards : NIST, ISO, COSO, HITRUST, FAIR.
- Familiarity with regulatory requirements : PCI DSS, GDPR, HIPAA, CCPA, etc.
- Hands-on experience with GRC and vendor-rating tools : OneTrust, SecurityScorecard, BitSight, or similar.
- Proven ability to assess control weaknesses and develop actionable remediation plans.
- Expertise in security control design, implementation, and monitoring.
- Strong analytical, communication, and stakeholder management skills.
Preferred Experience :
- Experience with global or enterprise-level risk programs in complex matrixed organizations.
- Background across multiple information security domains.
- Experience presenting to senior leadership and creating executive-level documentation.
(ref : hirist.tech)