L1 – Third Party Risk Management (TPRM) Analyst
Location : Client site, Gurugram Office
Work mode : Work from office
Budget : 7 LPA
Key Responsibilities :
Assist in executing third-party / vendor risk assessments as per defined procedures and checklists.
Review and validate vendor responses to security and compliance questionnaires (e.g., SIG, CAIQ, ISO 27001).
Collect, track, and organize due diligence evidence (policies, certifications, SOC 2 reports, etc.) from vendors.
Identify and document potential security or compliance gaps for review by L2 / L3 analysts.
Maintain and update the vendor risk register and assessment tracker.
Support the remediation follow-up process with vendors and internal stakeholders.
Participate in periodic reviews of critical vendors as per risk tiering.
Support the preparation of dashboards, reports, and audit documentation for management and clients.
Coordinate with internal cybersecurity, legal, and procurement teams for vendor onboarding and compliance validation.
Required Skills & Qualifications :
Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity (or equivalent).
1–2 years of experience in cybersecurity governance, risk management, or audit.
Basic understanding of information security concepts (ISO 27001, NIST CSF, SOC 2, GDPR, etc.).
Familiarity with third-party risk management or vendor due diligence processes preferred.
Strong communication, documentation, and analytical skills.
Attention to detail and ability to follow structured processes and workflows.
Good-to-Have :
Exposure to GRC or TPRM tools (e.g., Archer, OneTrust, ServiceNow VRM, ProcessUnity, MetricStream).
Knowledge of risk assessment methodologies and control frameworks (CIS, NIST, ISO).
Basic cybersecurity certification (e.g., CompTIA Security+, ISO 27001 Foundation, or CSA STAR) will be an added advantage.
Kirti Rustagi
kirti.rustagi@raspl.com
Risk Analyst • Ajmer, Rajasthan, India