Job
Description
Hiring for Application Security role at Mumbai location !!! Job Title: Senior Manager Third Party Technology Risk Management Location: Mumbai Experience Required: 7 - 9 Years Industry: Financial Services / BFSI Job Type: Full-Time Work Mode: Hybrid Note: 2 levels of interview with client - 1st round - Virtual / 2nd round - F2F is Must . Job Overview: We are looking for a seasoned and driven Senior Manager to lead our Third-Party Technology Risk Management efforts. If you have strong experience in managing vendor risks, IT security frameworks, and global compliance standards in a financial services environment this opportunity is for you! Key Responsibilities: Conduct and lead Third-Party Risk Assessments for new and existing vendors. Evaluate IT security controls using industry frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.). Develop and manage vendor risk dashboards and reports for senior stakeholders. Collaborate with cross-functional teams across regions to ensure compliance and risk mitigation. Ensure vendors meet our cybersecurity, network, and cloud security expectations. Coordinate vendor audits, risk reviews, and maintain detailed documentation. Work effectively with multicultural, cross-time-zone teams. Communicate risk findings and remediation plans to senior management. Maintain high standards of confidentiality, integrity, and professionalism. Required Skills & Qualifications: Bachelor's degree in IT, Information Security, or related field. Certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor. 1012+ years in Technology Risk, with strong focus on Third-Party Risk Management. In-depth knowledge of NIST, ISO 27001, PCI DSS, SOC 2, COBIT, GDPR. Strong grasp of cybersecurity, network, and cloud security principles. Experience working with compliance, procurement, and legal teams. Excellent verbal and written communication skills for senior stakeholder engagement. Proficient in Microsoft Word, PowerPoint, and Project. Proven ability to manage conflict, build strong vendor/client relationships, and influence decision-making. Preferred Skills (Nice to Have): Familiarity with GRC tools (e.g., Archer, ServiceNow, OneTrust). Experience working with cloud service providers (AWS, Azure, GCP). Knowledge of outsourced IT risk, data privacy, and regulatory trends.
