Assistant Manager

About the Role

Experience-5 to 8 Yrs

Location-Chennai (Alwarpet)

Work mode- 5 Days (Work from Office)

We are seeking an experienced TPRM Assistant Manger/Lead to lead our third-party risk management program in line with Indian financial sector regulations and global best practices. This role involves overseeing the full lifecycle of vendor risk — from onboarding and due diligence to ongoing monitoring and exit — ensuring that our third-party relationships meet our security, compliance, and performance requirements.

You will work closely with business, legal, procurement, information security, compliance, and audit teams to identify, assess, mitigate, and monitor risks associated with third-party vendors, service providers, and outsourcing partners.

Key Responsibilities

1. Strategy & Governance

Develop, implement, and maintain the TPRM framework in alignment with:

• RBI Master Directions on IT Outsourcing (2023) & IT Governance
• DPDPA 2023
• ISO/IEC 27001:2022, ISO 27701:2019
• SOC 2, PCI DSS (as applicable)
• Maintain TPRM policy, procedures, and standard operating guidelines.
• Drive awareness and training programs for internal stakeholders on vendor risk.

2. Vendor On boarding & Due Diligence

Define and enforce vendor onboarding requirements including:

• Business justification and criticality classification
• Security, privacy, and compliance questionnaires
• Document collection (agreements, certifications, audit reports)
• Coordinate with Legal and Procurement to ensure contracts include appropriate risk, data protection, and exit clauses.

3.Risk Assessment & Scoring

• Perform inherent and residual risk assessments for all vendors.
• Define risk rating methodology (low/medium/high/critical) and maintain a vendor risk register.
• Review vendors’ security posture, privacy practices, and financial stability.

4.Ongoing Monitoring

Establish and execute continuous monitoring plans:

• Annual/periodic security assessments
• SLA/KPI performance reviews
• Compliance certificate and audit report collection
• OSINT / threat intelligence checks for reputational and cyber risk
• Track remediation of identified gaps and issues.

5.Incident Management & Exit

Oversee vendor-related incidents, breaches, and near-misses, ensuring timely reporting and root cause analysis.

Coordinate vendor exit processes, ensuring secure data return/destruction and service transition.

6.Reporting & Audit

Prepare periodic TPRM dashboards for senior management, CRO, and Board committees.

Support internal, client, and regulatory audits by providing evidence of TPRM controls.

Qualifications

Education:

• Bachelor’s degree in any stream (mandatory).
• Certifications (preferred but not mandatory):
• CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.

Experience:

5–8 years in vendor risk management, IT risk, information security, or compliance.

Strong understanding of outsourcing risk regulations, data privacy laws, and cloud/vendor security.

Skills:

• Knowledge of RBI, NPCI, and global compliance requirements.
• Ability to evaluate third-party risk frameworks and technical controls.
• Strong stakeholder management, negotiation, and presentation skills.
• Analytical mindset with attention to detail.