Job Title : Manager – Third Party Risk Management (TPRM)
Location : Bangalore
Experience : 6+ Years
Department : Information Risk Management / Information Security
About the Role :
We are seeking an experienced TPRM Manager to lead and enhance our Third-Party Risk Management framework. The ideal candidate will have a strong background in Information Risk Management (IRM), Information Security (InfoSec), and vendor risk assessment, with the ability to evaluate and mitigate risks associated with third-party engagements across business functions.
Key Responsibilities :
Lead end-to-end Third Party Risk Management lifecycle including onboarding, due diligence, assessment, monitoring, and offboarding.
Perform detailed risk assessments of vendors based on defined risk criteria — including Information Security, Privacy, and Regulatory requirements.
Collaborate with internal stakeholders (Procurement, Legal, Compliance, IT Security) to ensure adherence to enterprise risk standards.
Identify and assess information security and operational risks associated with third parties and recommend appropriate mitigation actions.
Develop and maintain the TPRM framework, policies, and risk assessment methodologies in line with industry best practices (ISO 27001, NIST, etc.).
Review vendor SOC reports, ISO certifications, penetration test results, and other assurance documents to validate control effectiveness.
Track, monitor, and report on vendor risks, remediation progress, and performance metrics to senior management.
Support internal and external audits related to TPRM, IRM, and InfoSec programs.
Drive continuous improvement initiatives in the TPRM process using automation and data analytics where possible.
Required Skills & Experience :
6+ years of experience in Third Party Risk Management, Information Risk Management, or Information Security.
Strong understanding of risk assessment frameworks (ISO 27001, NIST, COBIT, CSA, etc.).
Hands-on experience in conducting vendor security assessments, control testing, and remediation follow-ups.
Working knowledge of data protection, cybersecurity principles, and compliance standards (GDPR, RBI, SEBI, etc.).
Excellent analytical, communication, and stakeholder management skills.
Experience in using TPRM tools or GRC platforms is an advantage (e.g., Archer, ServiceNow, OneTrust, MetricStream).
Preferred Certifications :
ISO 27001 Lead Auditor / Implementer
CISA / CISM / CRISC / CISSP (preferred)
Any Third-Party Risk or Vendor Risk certification will be an added advantage
Key Attributes :
Strong problem-solving and decision-making skills
Ability to work independently and in cross-functional teams
Excellent stakeholder and vendor management capability
Attention to detail with a focus on compliance and risk mitigation
Risk Management • Bengaluru, Karnataka, India