Cubical Operations - We Hire

Third Party Risk Management (TPRM) Manager

  • Posted 2 days ago
Job Description

Job Title

Third Party Risk Management (TPRM) Manager

Location

Mumbai / Bangalore

Experience

5+ years (relevant experience in TPRM, ISMS, ISO 27001, and GRC)

Employment Type

Full-time

Role Overview

The TPRM Manager will be responsible for managing end-to-end third-party risk management activities, ensuring that vendor risks are identified, assessed, mitigated, and monitored in line with organizational policies, regulatory expectations, and industry best practices. The role requires strong expertise in ISMS, ISO 27001, and GRC frameworks, together with stakeholder management skills and the ability to execute independently.

Key Responsibilities

Third Party Risk Management (TPRM)

  • Lead end-to-end TPRM lifecycle including onboarding, due diligence, risk assessment, risk rating, remediation tracking, and periodic reviews.
  • Perform inherent and residual risk assessments for vendors, suppliers, service providers, and partners.
  • Review vendor security, privacy, and compliance controls through questionnaires, evidence validation, and onsite/remote assessments.
  • Track and manage risk treatment plans, exceptions, and remediation closure with defined timelines.

ISMS & ISO 27001

  • Support implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS).
  • Conduct ISO 27001 internal audits, vendor audits, and readiness assessments.
  • Ensure alignment of third-party controls with ISO 27001 Annex A requirements.
  • Support certification audits, surveillance audits, and corrective action management.

GRC & Risk Management

  • Align third-party risk assessments with enterprise GRC frameworks and risk appetite.
  • Map vendor risks to regulatory, contractual, and internal policy requirements.
  • Support integration of TPRM activities into GRC tools and workflows (where applicable).
  • Prepare risk dashboards, management reports, and executive summaries.

Stakeholder & Governance Management

  • Engage with procurement, legal, IT, cybersecurity, compliance, and business teams.
  • Support contract reviews for security and risk-related clauses.
  • Present risk findings and recommendations to senior management and risk committees.
  • Act as a subject matter expert for third-party risk during audits and regulatory reviews.

Required Skills & Experience

  • 5+ years of experience in TPRM / Vendor Risk / IT Risk / Cyber Risk roles.
  • Strong hands-on experience with ISMS and ISO 27001 implementation and audits.
  • Solid understanding of GRC frameworks, risk assessment methodologies, and control testing.
  • Experience assessing third-party risks related to information security, privacy, operational resilience, and compliance.
  • Familiarity with regulatory and industry standards (ISO 27001, SOC, GDPR, RBI/SEBI guidelines where applicable).
  • Strong documentation, reporting, and stakeholder communication skills.
  • Ability to work independently and manage multiple vendors and assessments in parallel.

Preferred Qualifications / Certifications (Good to Have)

  • ISO 27001 Lead Implementer / Lead Auditor
  • CISA, CRISC, CISSP, CISM
  • Experience working with GRC or TPRM tools (e.g., ServiceNow GRC, Archer, MetricStream)

Job ID: 138356225