Bnp Paribas Bank

Third Party Risk Management

  • Posted 19 hours ago

Job Description

Position Purpose: This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor reports to the Manager of the Third Party Risk Management team, which performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas.

Responsibilities

Direct Responsibilities

· As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessments to identify, monitor, remediate, and manage third-party risks across the third-party lifecycle.

· The Risk Assessor role requires good risk experience and technology expertise (in the areas of information and cyber security, business continuity, incident management, compliance, and human resource security) to accurately score the inherent risk profile of 3rd parties and to make sure the risk assessments are completed on time and with quality. In addition, the role requires the ability to prioritize and drive workload.

· Evaluate control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to, review of ISO 27001, SIG (Shared Assessments), TruSight, and SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains.

· Work with line-of-business partners, navigating them through the different stages of the risk assessment life cycle and making sure that they comply with the organization's requirements.

· Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable.

· Monitor and track the identified findings as part of the assessment lifecycle.

Contributing Responsibilities

· Actively participate in identifying process gaps, and be ready to own and update/document relevant TPTRM policies and procedures

· Support internal and external TPTRM audit requirements

· Compile and generate Weekly/Monthly/Quarterly dashboards on KPIs

Technical & Behavioral Competencies

· Minimum of 5+ years of experience in TPRM or a risk management background, ideally in financial services.

· Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security.

· Experience with industry-recognized standards for IT security controls and best practices such as NIST, ISO27001, PCI DSS, COBIT, SOC 2, etc.

· Experience in one or more risk disciplines, such as Information Security, Business Continuity, Data Privacy, etc., is an advantage.

· Experience in Governance, Risk & Compliance (GRC) tools is an advantage.

· Experience in providing stakeholders with specialist risk knowledge and monitoring its execution.

· Strong, self-motivated multi-tasker who can prioritize competing tasks and stakeholders.

· Ability to work independently in a fast-adapting and agile work environment.

· Proactive and deliverable-focused, with a dedication to delivering against hard deadlines.

· Excellent analysis skills with a keen eye for detail.

· Strong capabilities in Microsoft Excel, PowerPoint, and Word.

· Familiarity with vendor management, procurement, and contract negotiation.

· Ability to communicate effectively with both technical and non-technical stakeholders.

· Strong analytical and problem-solving skills.

Specific Qualifications:

· Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus

· Frameworks – ISO27001, NIST, GDPR, DORA, DPDP

Skills Referential (Required knowledge, skills and abilities)

Technical Skills:

o Risk identification, assessment, mitigation, monitoring

o Security‑framework knowledge: ISO 27001, NIST CSF, SOC 2, PCI‑DSS, HITRUST and other industry standards.

o Regulatory & compliance expertise: GDPR, CCPA, FFIEC, HIPAA, local data‑privacy laws, and industry‑specific mandates, etc.

o Audit & GRC tooling: Experience with GRC platforms, questionnaire management, evidence‑collection portals, and audit‑trail documentation.

Behavioral Skills:

  • Ability to collaborate / Teamwork
  • Communication skills - oral & written
  • Attention to detail / rigor
  • Creativity & Innovation / Problem solving

Education Level: Bachelor's degree or equivalent

Location: MUMBAI, CHENNAI, BANGALORE


Job ID: 148915847
