Lead - Third Party Risk Management (TPRM)

5 - 8 years

8 - 11 Lacs

Posted: 1 day ago | Platform: Naukri

Skills Required

#CybersecurityGovernance #CISSP #ISO27001 #ThirdPartyRiskManagement #VendorRiskAssessment #InformationSecurity #GRCTOOLS #Incidentresponse #CRISC #SOC2 #CISA #GDPR #NISTCSF #AviationSecurity

Work Mode

Hybrid

Job Type

Full Time

Job Description

Roles and Responsibilities:

  • Enhance the third-party risk management framework that aligns with regulatory, legal, and business requirements.
  • Conduct internal scoping assessments with business and project owners to accurately tier suppliers and categorize them based on risk levels and business criticality.
  • Conduct in-depth supplier IT risk assessments by reviewing supplier answers to the cyber supplier questionnaire, documenting controls and identifying gaps and inconsistencies.
  • Developing a new, streamlined onboarding process using workflow automation, rules, formulas, and interactive questionnaires, significantly reducing onboarding time and automating third-party vendor risk profiling.
  • Conduct initial and ongoing risk assessments of third-party vendors, ensuring compliance with industry standards and best practices.
  • Develop and maintain ongoing monitoring mechanisms for third-party risks, ensuring timely remediation of identified issues.
  • Developing and implementing remediation plans for identified security gaps, working directly with vendors to enforce corrective actions.
  • Performing in-depth due diligence reviews on vendors to proactively identify any potential risks associated with services. These reviews will cover risk and gap assessments, threat profiling and analysis, security incident history reviews and thorough evaluations of supplier policies and procedures, current security controls, third-party pen testing reports, vulnerability management reports, and information security reports (such as SOC2 reports, NIST or ISO 27001 reports, PCI DSS, etc.).
  • Maintaining detailed records of vendor assessments, risk profiles and mitigation plans to ensure transparency and regulatory compliance.

Qualifications

  • Experience:

    A minimum of 3 years of experience in Information Security / Risk Management & Cyber Security.
  • Education:

    B.Tech/M.Tech, MCA
  • Process Modeling:

    Strong expertise in legal compliance, information security, cybersecurity, computer science, or a related field.

Nice to Have

Proficiency in ISO 27001, SOC 2, NIST, GDPR, and PCI DSS. Experience with aviation systems, GRC platforms (Archer, OneTrust). CISSP/CISA/CRISC preferred.
