Third-Party Risk Management (TPRM) Analyst / Senior Analyst- IMMEDIATE JOINERS ONLY
Experience Level: 35 Years
Location: Bengaluru, Hybrid, Remote
Job Type: Full-Time
Job Summary
We are seeking a proactive and analytical Third-Party Risk Management (TPRM) Analyst to join our risk and compliance team. The ideal candidate will have 3-5 years of direct experience in vendor risk management, information security, or IT audit. This role involves managing the day-to-day execution of the TPRM lifecycle, conducting comprehensive vendor risk assessments, and ensuring compliance with established internal policies and regulatory requirements. The analyst will collaborate with cross-functional stakeholders to identify, assess, and mitigate potential risks associated with our third-party vendors.
Key Responsibilities
- Risk Assessments & Due Diligence: Conduct end-to-end third-party risk assessments during onboarding and periodic reviews, including inherent risk scoring and detailed due diligence.
- Compliance & Frameworks: Evaluate vendor compliance with internal policies and
industry standards, including regulatory frameworks such as ISO 27001, NIST, SOC 2, and GDPR.
- Risk Mitigation & Monitoring: Identify control gaps in vendor responses, recommend actionable mitigation strategies, and track the remediation of identified issues in collaboration with internal stakeholders and vendors.
- Documentation & Reporting: Maintain accurate documentation of all TPRM activities, including risk assessments, contracts, and supporting evidence (e.g., SOC reports, insurance documents). Prepare risk reports and dashboards for management and governance committees.
- Stakeholder Collaboration: Partner with internal teams (e.g., Procurement, Legal, Information Security, Business Units) to facilitate due diligence activities and ensure alignment with the enterprise risk management program.
- Process Improvement: Proactively identify opportunities to improve and streamline TPRM processes and procedures, contributing to the continuous maturity of the program.
Required Qualifications and Skills
- Education & Experience: A Bachelor's degree in any discipline with 3-5 years of relevant experience in Third-Party Risk Management, Vendor Risk Management, IT Risk Compliance, or internal audit.
- Technical Knowledge: Strong understanding of risk management principles, information security controls, and control testing methodologies.
- Analytical Skills: Excellent analytical and problem-solving skills with strong attention to detail, capable of analysing complex information and making data-driven decisions.
- Communication: Strong verbal and written communication skills, with the ability to effectively communicate complex risk concepts to technical and non-technical audiences.
- Project Management: Proven ability to manage multiple concurrent projects, prioritize tasks, and meet deadlines.
Preferred Qualifications and Certifications
- Certifications: Professional certifications such as Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA) or CRISC are highly desirable.
- Industry Knowledge: Familiarity with specific regulatory guidance relevant to the financial services, regulations like OCC or FFIEC.
