Job
Description
Job Title: TPRM Consultant Location: Mumbai – Work from the Office Experience: 2+ Years Job Overview: We are seeking a dedicated and detail-oriented Third-Party Risk Management (TPRM) GRC Specialist to join our team in Mumbai. The ideal candidate will have hands-on experience in managing vendor risks, executing GRC processes, and ensuring compliance with internal and external risk frameworks. You will collaborate with internal teams and external vendors to assess, monitor, and report on third-party risks to strengthen our overall risk posture. Key Responsibilities: Support the end-to-end third-party risk management lifecycle, including onboarding, due diligence, risk assessments, periodic reviews, and offboarding. Conduct third-party control evaluations based on established frameworks (e.g., ISO 27001, SOC 2, NIST). Collaborate with internal stakeholders such as Legal, Procurement, IT Security, and Compliance to ensure vendor alignment with organizational policies. Maintain and update the third-party risk register, capturing key risks, mitigation plans, and remediation actions. Prepare risk reports and dashboards for internal stakeholders and leadership. Assist in audits and compliance checks related to vendor risk management. Help improve TPRM processes and leverage GRC tools for automation and efficiency. Required Skills and Qualifications: Minimum 2 years of experience in Third-Party Risk Management, GRC, or related risk/compliance roles. Working knowledge of regulatory standards such as ISO 27001, SOC 2, GDPR, and NIST. Familiarity with GRC platforms (e.g., Archer, MetricStream, ServiceNow) is an advantage. Strong communication and interpersonal skills to effectively interact with internal teams and external vendors. Good analytical and documentation skills with attention to detail. Ability to prioritize tasks and manage time effectively in a fast-paced environment. Educational Qualifications: Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field. Relevant certifications (e.g., ISO 27001 Lead Auditor, CISA, CRISC) are a plus. Show more Show less
