Third Party Risk Management (TPRM) Analyst

L1 – Third Party Risk Management (TPRM) Analyst

Location:

Work mode:

Budget:

Key Responsibilities:

• Assist in executing

  third-party/vendor risk assessments

  as per defined procedures and checklists.
• Review and validate vendor responses to

  security and compliance questionnaires (e.g., SIG, CAIQ, ISO 27001)

  .
• Collect, track, and organize

  due diligence evidence

  (policies, certifications, SOC 2 reports, etc.) from vendors.
• Identify and document potential security or compliance gaps for review by L2/L3 analysts.
• Maintain and update the

  vendor risk register

  and assessment tracker.
• Support the

  remediation follow-up process

  with vendors and internal stakeholders.
• Participate in periodic reviews of critical vendors as per risk tiering.
• Support in preparing dashboards, reports, and audit documentation for management and clients.
• Coordinate with internal cybersecurity, legal, and procurement teams for vendor onboarding and compliance validation.

Required Skills & Qualifications:

• Bachelor’s degree in

  Computer Science, Information Technology, or Cybersecurity

  (or equivalent).
• 1–2 years of experience in

  cybersecurity governance, risk management, or audit

  ).
• Basic understanding of information security concepts (ISO 27001, NIST CSF, SOC 2, GDPR, etc.).
• Familiarity with

  third-party risk management

  or

  vendor due diligence

  processes preferred.
• Strong communication, documentation, and analytical skills.
• Attention to detail and ability to follow structured processes and workflows.

Good-to-Have:

• Exposure to

  GRC or TPRM tools

  (e.g., Archer, OneTrust, ServiceNow VRM, ProcessUnity, MetricStream).
• Knowledge of

  risk assessment methodologies

  and

  control frameworks

  (CIS, NIST, ISO).
• Basic cybersecurity certification (e.g.,

  CompTIA Security+, ISO 27001 Foundation, or CSA STAR

  ) will be an added advantage.

--

Kirti Rustagi

kirti.rustagi@raspl.com