Talent.com
Information Security / Vendor Risk Manager - TPRM Framework

Workassist, Mumbai
19 days ago
Job description

Description :

Position : Information Security & Vendor Risk Manager

Work Level : Middle Management

Industry Type : IT Services & Consulting

Location : India

Job Summary :

The Information Security & Vendor Risk Manager will operate at a middle management level, serving as a key driver of the organization's Third-Party Risk Management (TPRM) program.

This self-motivated and results-driven role requires deep technical expertise in cybersecurity frameworks, cloud security, and compliance standards (e.g., PCI-DSS, ISO 27001).

The manager will be responsible for developing the TPRM framework, conducting end-to-end technical security assessments of third parties, and leading risk mitigation advisory and reporting to senior management to ensure compliance and security assurance across all vendor engagements.

Job Description :

TPRM Program Management and Governance :

  • Develop, implement, and continuously mature the organization's holistic Third-Party Risk Management (TPRM) framework, ensuring alignment with global standards, industry best practices, and internal risk appetite.
  • Define and maintain technical policies, procedures, and rigorous guidelines governing the lifecycle of third-party engagements, from initial due diligence to secure offboarding.
  • Drive program initiatives with a results-driven mindset, focusing on quantifiable metrics for risk reduction and operational efficiency across the TPRM function.

Risk Assessment and Technical Due Diligence :

  • Conduct comprehensive, end-to-end technical security assessments and due diligence reviews of vendors throughout the entire lifecycle, evaluating system configurations, security controls, and overall operational effectiveness.
  • Technically assess and recommend compensating controls across various domains, including Network, Server, and Endpoint Security controls, as well as data protection mechanisms for sensitive information like PII and Cardholder Data.
  • Expertly evaluate and validate security posture across multi-cloud environments, specifically reviewing configurations and security controls within AWS, Azure, GCP, and OCI.
  • Review vendor compliance against rigorous digital payments standards, including PCI-DSS, PCI-PIN, and PA-DSS, ensuring technical control validation is performed where applicable.
  • Conduct technical control verification, including analyzing Vulnerability Assessment and Penetration Testing (VAPT) reports and assessing the effectiveness of Security Information and Event Management (SIEM) capabilities in vendor environments.

Continuous Monitoring and Risk Mitigation Advisory :

  • Establish and operationalize robust processes for continuous monitoring and periodic technical reassessments of third-party security and compliance posture using automated tools and manual deep-dive reviews.
  • Identify latent and emerging security risks in third-party engagements, translating potential vulnerabilities into actionable, business-focused mitigation strategies for internal stakeholders.
  • Provide expert advisory and technical guidance on security control implementation, leveraging security-by-design principles for data protection and API security during new third-party integrations.
  • Act as a technical liaison with business partners to ensure timely and effective implementation of recommended security controls and regulatory assurance in the digital payments ecosystem.

Reporting, Compliance, and Stakeholder Engagement :

  • Lead audit planning and collaborate with assurance teams to analyze control effectiveness, review reports, and present clear, data-driven findings on the overall third-party risk posture to C-level executives and senior management.
  • Partner with internal teams (Legal, Procurement, IT, CISO) to champion an integrated and streamlined approach to TPRM across the organization.
  • Ensure all third-party engagements maintain continuous compliance with relevant local and international laws, regulations, and industry standards.
  • Validate adherence to recognized international security frameworks, including ISO 27001 (ISMS), SOC Reports, and the NIST Cybersecurity Framework.

Required Skills & Qualifications :

  • Experience : Mandatory experience working within Information Security or GRC, with significant focus on Vendor / Third-Party Risk Management.
  • Framework Expertise : Deep practical knowledge of major Cybersecurity Frameworks (e.g., NIST, ISO 27001) and regulatory compliance standards (PCI-DSS, SOC 2).
  • Risk Analysis : Proven experience performing quantitative and qualitative Risk Analysis and technical due diligence assessments (e.g., control gap analysis, analyzing VAPT reports).
  • Cloud Security : Strong technical understanding of security controls and architecture across at least two major cloud platforms (AWS, Azure, GCP, OCI).
  • Tooling : Practical experience utilizing SIEM solutions and understanding endpoint security technologies to evaluate a vendor's defensive capabilities.
  • Core Skills : Self-motivated, results-driven, exceptional problem-solving abilities, and strong written / verbal communication for effective stakeholder engagement.
  • Education : Mandatory Graduate degree.

Preferred Skills :

  • Digital Payments : Direct experience with regulatory and security requirements within the digital payments ecosystem (e.g., payment gateways, tokenization, mobile wallets).
  • Certifications : Industry-leading certifications such as CISSP, CISM, CRISC, or CISA are highly advantageous.
  • Automation : Experience implementing or utilizing GRC / TPRM automation platforms (e.g., OneTrust, ServiceNow GRC) to streamline assessment workflows and continuous monitoring.
  • API Security : Technical knowledge of best practices for securing APIs (e.g., OAuth 2.0, API Gateway configuration, rate limiting).
  • Contract Review : Basic familiarity with reviewing security schedules and terms within third-party contracts and Statements of Work (SOWs).

(ref : hirist.tech)
