L1 Third Party Risk Management (TPRM) Analyst
Location: Client site, Gurugram Office
Work mode: Work from office
Budget: 7 LPA
Key Responsibilities:
- Assist in executing third-party/vendor risk assessments as per defined procedures and checklists.
- Review and validate vendor responses to security and compliance questionnaires (e.g., SIG, CAIQ, ISO 27001).
- Collect, track, and organize due diligence evidence (policies, certifications, SOC 2 reports, etc.) from vendors.
- Identify and document potential security or compliance gaps for review by L2/L3 analysts.
- Maintain and update the vendor risk register and assessment tracker.
- Support the remediation follow-up process with vendors and internal stakeholders.
- Participate in periodic reviews of critical vendors as per risk tiering.
- Support in preparing dashboards, reports, and audit documentation for management and clients.
- Coordinate with internal cybersecurity, legal, and procurement teams for vendor onboarding and compliance validation.
Required Skills & Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or Cybersecurity (or equivalent).
- 1-2 years of experience in cybersecurity governance, risk management, or audit.
- Basic understanding of information security concepts (ISO 27001, NIST CSF, SOC 2, GDPR, etc.).
- Familiarity with third-party risk management or vendor due diligence processes preferred.
- Strong communication, documentation, and analytical skills.
- Attention to detail and ability to follow structured processes and workflows.
Good-to-Have:
- Exposure to GRC or TPRM tools (e.g., Archer, OneTrust, ServiceNow VRM, ProcessUnity, MetricStream).
- Knowledge of risk assessment methodologies and control frameworks (CIS, NIST, ISO).
- Basic cybersecurity certification (e.g., CompTIA Security+, ISO 27001 Foundation, or CSA STAR) will be an added advantage.
--
Kirti Rustagi