Job Title: Manager – Third Party Risk Management (TPRM)
Location: Mumbai
Experience: 6+ Years
Department: Information Risk Management / Information Security
About the Role:
We are seeking an experienced TPRM Manager to lead and enhance our Third-Party Risk Management framework. The ideal candidate will have a strong background in Information Risk Management (IRM), Information Security (InfoSec), and vendor risk assessment, with the ability to evaluate and mitigate risks associated with third-party engagements across business functions.
Key Responsibilities:
Lead the end-to-end Third Party Risk Management lifecycle, including onboarding, due diligence, assessment, monitoring, and offboarding.
Perform detailed risk assessments of vendors based on defined risk criteria — including Information Security, Privacy, and Regulatory requirements.
Collaborate with internal stakeholders (Procurement, Legal, Compliance, IT Security) to ensure adherence to enterprise risk standards.
Identify and assess information security and operational risks associated with third parties and recommend appropriate mitigation actions.
Develop and maintain the TPRM framework, policies, and risk assessment methodologies in line with industry best practices (ISO 27001, NIST, etc.).
Review vendor SOC reports, ISO certifications, penetration test results, and other assurance documents to validate control effectiveness.
Track, monitor, and report on vendor risks, remediation progress, and performance metrics to senior management.
Support internal and external audits related to TPRM, IRM, and InfoSec programs.
Drive continuous improvement initiatives in the TPRM process using automation and data analytics where possible.
Required Skills & Experience:
6+ years of experience in Third Party Risk Management, Information Risk Management, or Information Security.
Strong understanding of risk assessment frameworks (ISO 27001, NIST, COBIT, CSA, etc.).
Hands-on experience in conducting vendor security assessments, control testing, and remediation follow-ups.
Working knowledge of data protection, cybersecurity principles, and compliance standards (GDPR, RBI, SEBI, etc.).
Excellent analytical, communication, and stakeholder management skills.
Experience in using TPRM tools or GRC platforms is an advantage (e.g., Archer, ServiceNow, OneTrust, MetricStream).
Preferred Certifications:
ISO 27001 Lead Auditor / Implementer
CISA / CISM / CRISC / CISSP (preferred)
Any Third-Party Risk or Vendor Risk certification will be an added advantage
Key Attributes:
Strong problem-solving and decision-making skills
Ability to work independently and in cross-functional teams
Excellent stakeholder and vendor management capability
Attention to detail with a focus on compliance and risk mitigation