Risk Advisory Extended Enterprise | TPRM | Assistant Manager (Hybrid: Bangalore)

0 years

0 Lacs

Posted: 5 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Role Description –

  • Lead and support the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in accordance with ISO 27001 standards
  • Drive and oversee Third-Party Risk Management (TPRM) activities, including comprehensive vendor risk assessments, due diligence, and ongoing risk monitoring
  • Lead cybersecurity risk assessments and gap analyses to evaluate compliance with internal policies, industry best practices, and regulatory frameworks
  • Act as a key liaison with clients, managing multiple projects, stakeholder relationships and expectations to ensure delivery of high-quality risk and compliance services
  • Collaborate cross-functionally with client departments such as compliance, internal audit, legal, and regulatory teams to identify, interpret, and document security and compliance requirements
  • Manage and conduct risk assessments and audits encompassing people, process, and technology, identifying risks, gaps, and opportunities for improvement
  • Prepare and review detailed information security risk assessment and audit reports, including recommendations for mitigating controls
  • Oversee the planning, development, and execution of vendor security reviews and assessments, including defining methodologies and vendor evaluation models
  • Mentor and provide guidance to junior team members, sharing expertise especially on complex, judgmental, and specialized security issues
  • Participate actively in strategy development and continuous improvement initiatives for security risk management practices

Desired qualifications

  • 6+ years of relevant experience in third-party risk management
  • Years of relevant experience in IT audits, cybersecurity gap assessments, and cloud security
  • Experience with ISO 27001 implementation and audits
  • Experience with ISO 22301 implementation and audits
  • Leadership experience in Third-Party Risk Management (TPRM) and vendor risk governance
  • Understanding of application security and secure development lifecycle (SDLC) principles
  • Expertise in developing and enhancing security policies, standards, and procedures
  • Excellent stakeholder management, communication, and client engagement skills
  • Strong report writing and presentation capabilities for complex audit and risk findings
  • Ability to lead, mentor, and develop a security risk management team
  • Relevant professional certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor are highly preferred

Location and way of working

  • Base location: Bangalore
  • The professional is required to work from the office
