Third Party Riak Management (TPRM) - Lead

At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you're passionate about developing your career, while helping others along the way, come join the Broadridge team.

About Us:
Broadridge Financial Solutions is a global fintech leader providing technology-driven solutions that help banks, broker dealers, asset managers, and public companies operate efficiently and transform their businesses. Broadridge is known for delivering critical infrastructure for investor communications, trading, governance, and capital markets operations. With a strong culture of innovation, operational excellence, and client focus, Broadridge empowers associates to solve complex business challenges and contribute to meaningful outcomes across the global financial ecosystem.

Position Overview:

We are seeking a highly skilled and motivated Third-Party Risk Management (TPRM) Lead to join our team. The ideal candidate will have 4 to 7 years of dedicated experience in developing, managing, and maturing a comprehensive TPRM program. This role requires a thorough understanding of vendor lifecycle management, risk assessment methodologies, and compliance requirements. This role offers the opportunity to collaborate with procurement, compliance, information security, and operational risk teams across multiple geographies, contributing to a mature and efficient TPRM framework. ​

Key Responsibilities

A. TPRM Program Management:

• Lead the day-to-day operations and continuous improvement of the TPRM program, ensuring alignment with organizational risk appetite and regulatory requirements.
• Develop, maintain, and enforce TPRM policies, standards, and procedures.
• Manage the end-to-end vendor risk lifecycle, from initial on-boarding through offboarding.
• Track remediation activities and engage stakeholders to ensure timeliness

B. Risk Assessment & Due Diligence:

• Conduct and oversee robust due diligence assessments of new and existing third parties, focusing on security, privacy, resilience, and regulatory compliance.
• Evaluate Service Organization Control (SOC) reports (e.g., SOC 1, SOC 2, SOC 3) and other assurance documentation to identify control gaps and inherent risks.
• Drive the reassessment process for critical and high-risk vendors based on defined frequency and trigger events.
• Ensure remediation of identified risks by tracking and validating corrective action plans.

C. Performance Monitoring & Reporting:

• Implement, and maintain vendor scorecards and performance metrics to continuously monitor vendor risk posture and adherence to contractual obligations.
• Prepare and present clear, data-driven reports on the overall TPRM status, high-risk vendors, and key performance indicators to senior management and relevant committees.

D. Incident Management & Response:

• Serve as the primary point of contact and lead for coordinating the response to security or operational incidents involving third parties.
• Validate vendor incident management processes and ensure timely and effective communication and resolution during a third-party breach or disruption.
• Collaborate with internal stakeholders and SME groups from different domains and work towards an action plan.

E. Knowledge of ProcessUnity (ERP Tool):

• This is not mandatory but having a hands-on experience is an added advantage.

F. Team Leadership & Governance:

• Provide day-to-day guidance to TPRM analysts and support workload prioritization.
• Act as delegate for the India TPRM Manager, overseeing BAU operations, escalations, and stakeholder engagement in their absence.
• Review team outputs for quality, consistency, and adherence to standards.
• Educate stakeholders and business owners on vendor risk requirements supporting first-line engagement
• Drive policy awareness

Required Qualifications:

• A minimum of 4 years and a maximum of 7 years of direct experience managing a TPRM or Vendor Risk Management program.
• Thorough knowledge of TPRM program components and industry best practices (e.g., ISO 27001, SOA, shared assessments).
• Expertise in interpreting and utilizing SOC report data, specifically understanding the scope, control objectives, and impact on the organization.
• Proven ability to execute a comprehensive due diligence process across various risk domains (Information Security, Business Continuity, Compliance, Financial Stability).
• Demonstrated experience with incident management and crisis response in the context of third-party events.
• Familiarity with creating and analyzing vendor scorecards for performance and risk tracking.
• People leadership experience is highly desirable.
• Strong analytical, organizational, and communication skills. Ability to effectively negotiate and influence internal stakeholders and external vendors.

We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company-and ultimately a community-that recognizes and celebrates everyone's unique perspective.

Use of AI in Hiring

As part of the recruiting process, Broadridge may use technology, including artificial intelligence (AI)-based tools, to help review and evaluate applications. These tools are used only to support our recruiters and hiring managers, and all employment decisions include human review to ensure fairness, accuracy, and compliance with applicable laws. Please note that honesty and transparency are critical to our hiring process. Any attempt to falsify, misrepresent, or disguise information in an application, resume, assessment, or interview will result in disqualification from consideration.