AVP - Team Manager - Third Party Technology Risk Management

12-14 Years
  • Posted 17 hours ago

Job Description

Job Title: TPTRM Team Manager

Department: IT Security - TPTRM

About Business line/Function: IT Security

Position Purpose

The TPTRM Team Manager is accountable for the end-to-end governance of third-party risk across all assigned territories. The role ensures that third-party risk assessments are systematically tracked, monitored, and completed within agreed timelines, while providing clear escalation pathways and reporting to the appropriate risk-centric committees at territory, regional, and global levels. Through strong collaboration with procurement, outsourcing, and local security stakeholders, both within the group and in each geography, the manager drives a consistent, proactive risk-management program that protects the firm's operational integrity and regulatory compliance. The manager's leadership ensures the function operates as a strategic partner to the business, delivering timely, actionable risk insight while cultivating a skilled and motivated risk-management team.

Responsibilities

Direct Responsibilities

  • Lead the worldwide program: own the end-to-end process for vendor risk assessments, continuous monitoring, reporting, and remediation across all regions (Americas, EMEA, APAC).
  • Define, enforce and monitor Service Level Agreements (SLA) for every stage of the assessment lifecycle (scoping, data-collection, review, sign-off). Ensure SLA compliance across all territories and drive corrective actions when deadlines are missed.
  • Guarantee that the global program adheres to Group-wide policies and to local regulatory requirements (GDPR, CCPA, APAC-specific data-localisation rules, etc.). Maintain an up-to-date matrix of regional regulatory obligations and embed them into the assessment templates.
  • Maintain a unified assessment dashboard that tracks progress of all Third-Party Security Reviews worldwide. Promptly identify overdue or high-risk assessments, trigger escalations, and communicate status to the appropriate local, regional, and global managers.
  • Partner with local security teams in every geography to cascade the global framework, policies, and procedures. Provide training and Q&A sessions that ensure consistent execution of security controls for vendors.
  • Work with Business Continuity Management (BCM) and Application Security teams across regions to guarantee that third-party vendors receive appropriate BCM and AppSec reviews. Align their findings with the overall TPRM risk rating and remediation plans.
  • Perform a global quality review of assessment reports generated. Verify that all key risk domains are adequately covered and are applied consistently.
  • Coordinate with the enterprise RISKORC and Internal Audit to conduct control-testing of TPRM activities. Ensure that testing is aligned with global and regional policies, and that any deficiencies are tracked to closure.
  • Serve as the global contact for all TPRM-related queries from corporate, regional, and local teams, as well as from external auditors, regulators, and business partners. Provide clear, timely guidance and maintain a knowledge-base of frequently asked questions.
  • Present vendor-risk findings and trend analyses at global risk-centric forums (and at regional/territory committees). Prepare executive summaries, heat-maps, and risk-action plans for senior leadership.
  • Own the TPRM technology stack (assessment platform, workflow engine, data repository). Lead enhancements, integrations and ensure that all documentation, assessment artefacts, and evidence are stored in a centralized, searchable database.
  • Maintain a master repository of all policies, procedures, assessment templates, scoring guides, and historical assessment data. Ensure version control, audit trails, and accessibility for all authorized stakeholders.
  • Consolidate regional regulatory reporting into a global Technology-Risk Committee submission. Produce quarterly and ad-hoc reports that satisfy regulatory bodies (and internal governance requirements).
  • Continuously scan for emerging third-party risk trends (e.g., supply-chain attacks, geopolitical exposure). Escalate unresolved or non-responsive vendors to senior management with recommended mitigation actions (contract termination, additional controls, third-party remediation).
  • Build and lead a globally distributed TPRM team (analysts, coordinators, regional liaisons). Set objectives, conduct performance reviews, provide coaching, and champion professional development (certifications, cross-regional rotations).
  • Drive a culture of continuous improvement by capturing lessons learned, benchmarking against industry best practices (e.g., ISO27036, Shared Assessments), and proposing enhancements to the global TPRM framework, metrics, and governance model.
  • Manage the budget for TPRM tools, external consultants, and thirdparty assessment services.

Contributing Responsibilities

  • Work closely with Global Business Information Security teams to adopt and disseminate best-practice outsourcing-risk-management guidelines that address the requirements of multiple regulators worldwide.
  • Contribute to group-wide initiatives aimed at enhancing the Third-Party Risk Management policies, processes, and methodologies, ensuring they serve the best interests of the entire BNPP Group.
  • Participate in global, regional and local statutory, information-security, and regulatory audits to verify compliance with the Third-Party Risk Management framework across all territories.

Technical & Behavioral Competencies

  • Professional Certifications - Certified Third Party Risk Professional (CTPRP), CISA, CRISC, CIPM, ISO27001 Lead Implementer, or equivalent security/compliance certifications desirable.
  • Experience - 12+ years of experience in third party risk, vendor security assessments or GRC.
  • Minimum 5 years of people management experience, leading a distributed team of 5 / 10+ professionals.
  • Analytical & Communication - Ability to translate complex technical risk findings into clear business language for senior executives.
  • Excellent written and verbal communication skills; experience delivering board level presentations.
  • Project Management - Proven track record delivering process improvement projects on time and within budget. PMP or PRINCE2 certification is an advantage.
  • Negotiation & Influence - Demonstrated ability to influence cross functional stakeholders and drive compliance without direct authority.

Technical Skills

Skills Referential (Required knowledge, skills and abilities)

    • Domain Knowledge - Deep understanding of third party risk frameworks, security by design, data privacy regulations, and supply chain risk. Experience with global, multi-jurisdictional programmes.
    • Technical Skills - Proficiency with TPRM platforms (e.g., OneTrust Vendor Risk, RSA Archer, Process Unity).
    • Strong data analysis capability (Excel, PowerBI, Tableau, or similar).
    • Familiarity with cloud security (AWS, Azure, GCP) and SaaS vendor assessments.

Behavioral Skills

    • Strategic Thinking - Anticipates evolving risk landscape; aligns TPRM roadmap with corporate strategy.
    • Leadership - Inspires, mentors, and develops a high performing, culturally diverse team.
    • Collaboration - Works effectively across procurement, legal, security, IT, and business units worldwide.
    • Decision Making - Makes timely, data driven decisions, balancing risk appetite and business needs.
    • Attention to Detail - Ensures rigorous quality controls and accurate reporting of assessment outcomes.
    • Change Management - Leads adoption of new processes, tools, and policies across global locations.
    • Ethical Integrity - Maintains confidentiality and adheres to the highest ethical standards.

Education Level: Bachelor's degree in Computer Science, Information Technology or Technology Management, Risk Management, Business Administration, Engineering or related field. Infosec Specialization (preferred)

Location: Mumbai

About BNP Paribas Group

BNP Paribas is the European Union's leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group's commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

About BNP Paribas India Solutions

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union's leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.


Job ID: 144890181