Risk Manager/Third-Party Risk Management Specialist (4-8 yrs)

Job Description: Third-Party Risk Management (TPRM) Specialist

Location: Mumbai (Goregaon)

Experience: 4 to 8 years

Employment Type: Full-Time

About the Role

We are seeking a highly skilled and experienced Third-Party Risk Management (TPRM) Specialist to join our team. The ideal candidate will have a strong background in assurance, information security, and vendor/supplier/third-party risk assessment. This role requires expertise in cybersecurity standards, technical domains, and emerging technologies, along with exposure to TPRM-specific regulations and tools. The candidate will play a critical role in assessing and mitigating risks associated with third-party engagements while ensuring compliance with global regulations and industry standards.

Key Responsibilities:

- Conduct comprehensive risk assessments of third-party vendors, suppliers, and partners, including risk profiling and country risk assessments.

- Evaluate third-party compliance with cybersecurity standards such as ISO27001, PCI-DSS, ISO22301, and privacy regulations.

- Assess technical domains including network security, cloud security, application security, and control testing.

- Analyze risks associated with emerging technologies such as robotics, IoT, DLT, Social, and Mobile platforms.

- Ensure adherence to TPRM-specific regulations (e.g., FED, MAS, OCC) and outsourcing/technology regulations.

- Work with TPRM tools and platforms such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, and Coupa.

- Perform IT compliance audits, ITGC testing, and assurance activities, leveraging strong auditing skills.

- Collaborate with cross-functional teams to identify, assess, and mitigate third-party risks.

- Prepare detailed reports and documentation for risk assessments, audits, and compliance reviews.

- Travel within India or abroad as required for projects and assignments.

Qualifications:

- Bachelor's degree in Computer Science, Information Technology, or a related field.

- 4 to 8 years of experience in assurance, information security, vendor/supplier/third-party risk assessment, or related fields.

- Expertise in cybersecurity standards such as ISO27001, PCI-DSS, ISO22301, and privacy regulations.

- Knowledge of technical domains like network security, cloud security, and application security.

- Familiarity with TPRM-specific regulations (FED, MAS, OCC) and experience assessing third parties such as brokers, exchanges, etc.

- Hands-on experience with TPRM tools and platforms like KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, and Coupa.

- Strong auditing skills, with experience in IT compliance, ITGC testing, and assurance.

- Prior experience in IT Audit, SOC 1, and SOC 2 is a plus.

- Relevant certifications such as CISA, CISSP, CISM, ISO27001 LA/LI, or Cloud Security certifications are highly desirable.

- Excellent problem-solving, logical reasoning, and analytical skills.

- Strong written and verbal communication skills, with the ability to collaborate effectively in team environments.

- Willingness to travel as needed for projects and assignments.

- Demonstrated integrity, values, principles, and work ethic, with the ability to lead by example.