L1 – Third Party Risk Management (TPRM) Analyst
Location : Client site, Gurugram office
Work mode : Work from office
Budget : 7 LPA
Key Responsibilities :
Assist in executing third-party / vendor risk assessments as per defined procedures and checklists.
Review and validate vendor responses to security and compliance questionnaires (e.g., SIG, CAIQ, ISO 27001).
Collect, track, and organize due diligence evidence (policies, certifications, SOC 2 reports, etc.) from vendors.
Identify and document potential security or compliance gaps for review by L2 / L3 analysts.
Maintain and update the vendor risk register and assessment tracker.
Support the remediation follow-up process with vendors and internal stakeholders.
Participate in periodic reviews of critical vendors as per risk tiering.
Support in preparing dashboards, reports, and audit documentation for management and clients.
Coordinate with internal cybersecurity, legal, and procurement teams for vendor onboarding and compliance validation.
Required Skills & Qualifications :
Bachelor's degree in Computer Science, Information Technology, or Cybersecurity (or equivalent).
1–2 years of experience in cybersecurity governance, risk management, or audit.
Basic understanding of information security concepts (ISO 27001, NIST CSF, SOC 2, GDPR, etc.).
Familiarity with third-party risk management or vendor due diligence processes preferred.
Strong communication, documentation, and analytical skills.
Attention to detail and ability to follow structured processes and workflows.
Good-to-Have : Exposure to GRC or TPRM tools (e.g., Archer, OneTrust, ServiceNow VRM, ProcessUnity, MetricStream).
Knowledge of risk assessment methodologies and control frameworks (CIS, NIST, ISO).
Basic cybersecurity certification (e.g., CompTIA Security+, ISO 27001 Foundation, or CSA STAR) will be an added advantage.
Kirti Rustagi
Risk Analyst • Delhi, India