61 Tprm Jobs

Functional Responsibilities: Collaborate with business stakeholders to gather and document detailed requirements across risk domains (ABAC, Cybersecurity, Privacy, R&D, EHS, etc.) Translate business needs into functional specifications and user stories Design and validate workflows for risk assessments, approvals, and escalations Support the configuration of front-end questionnaires and logic-based risk triggers Assist in defining KPIs, reporting needs, and audit trail requirements Technical Responsibilities: Implement and configure the ServiceNow Risk Management module Lead or support API integrations with tools such as: OneTrust, Archer, CyberGRX, Security Scorecard Veeva Vault, Rapid Ratings, Ariba, Onit, SharePoint Ensure data mapping, transformation, and validation between systems Support testing (UAT, SIT) and defect resolution Ensure compliance with data privacy, security, and audit requirements

The GRC (Governance, Risk, and Compliance) Cyber Security Consultant is responsible for providing expert guidance and support in the areas of cyber security risk management, compliance, and governance. This role involves working closely with clients to assess their current cyber security posture, identify vulnerabilities and risks, and develop strategies to mitigate those risks. Responsibilities: 1. Assess clients' cyber security framework and identify gaps in compliance 2. Develop and implement comprehensive cyber security policies and procedures 3. Conduct risk assessments to identify potential threats and vulnerabilities 4. Create risk mitigation plans and provide recommendations for improvement 5. Assist clients in achieving compliance with relevant industry standards and regulations 6. Stay up-to-date with the latest cyber security threats, trends, and best practices 7. Provide training and awareness sessions to educate clients on cyber security measures 8. Collaborate with cross-functional teams to ensure alignment on cyber security initiatives 9. Prepare detailed reports on findings, recommendations, and progress updates for clients 10. Participate in client meetings to present findings and provide guidance on cyber security matters

Conduct third party risk assessments in alignment with company security policies and industry standards Perform on site assessments of vendors to identify opportunities for improvement Provide input and aid in the development of policies focused on the security of third party business processes Foster relationships and influence the behavior internal teams and external parties Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively Complete monitor and control tasks triggered by supplier Tier and Third Party Interaction Model Collaborate with the line of business stakeholders to deliver year over year cost savings with managed third party relationships Assist in development and execution of category/supplier strategies Partner with internal budget owners to deliver against operating or marketing budgets Partner with appropriate stakeholders on contract negotiations for all managed third party relationships Qualifications for third party risk management: Minimum 4 years of experience developing and maintaining global vendor risk management programs CISSP, CISM, CISA, or CRISC certification preferred Solid understanding of information technology and security solutions Responsible for proper invoice review, reconciliation, and payment Monitor and ensure successful delivery against third party contractual obligations

Designation: Information Security Consultant Job Code: JD2208396 Location: Bangalore Number of Vacancies: 1 Total Experience: minimum 1 year Shift: General Reports to: CTO Qualification: BE/B.tech/Bsc/BCA/M.Tech/ME Certification: ISO 27001:2013 Lead Implementer (preferable) Job Description: IT Security Consultant , with overall 3+ years of professional experience with areas of expertise in Governance Risk & Compliance (GRC), Third Party Risk Management (TPRM), Information Systems Audits including ISO 27001, Data privacy, GDPR, ITGC Assessments, Control testing, Information Security, ISO 27001 Implementation, SOX and SOC 2, IT Risk assessments on application and infrastructure. Information Technology and Information Security Governance and Risk Compliance Implementation across various industries including Banking, Retail, Insurance, Energy, and e-commerce. Expertise in Vendor Management, Issue Management, Compliance Management, Policy Management, Business Continuity and Disaster Recovery& Risk management modules/solutions. Detailed knowledge of international regulations and best practices covering ITIL, COBIT, ISO 27000, SOX, COSO, PCI, HIPAA and NIST 800. Have experience in core ISMS, services focused on SOX, ITGC, COBIT, COSO, ISO 270001, specialized in Governance & Compliance and Internal Audits. Good experience in client interaction with global leaders during requirement specifications and project implementation phases. Performed risk assessments based on industry standards, provided recommendations to management on results of analysis and work closely with other team- members to refine and enhance security controls and reduce organizational risk. Managing GRC and Third-Party Risk Management related engagements. Conducting audit to check the security posture of critical vendors. Performing quality checks for third party risk assessment. Facilitating External and Internal audits for ISO 27001. Identify and assessing areas of significant business risk. Plan and evaluate IT-related technical and organizational measures. Managing and reporting compliance breaches and exposures. Conducting Compliance audits by reviewing SOC2 Type II, Hi-Trust, ISO27001, PCI-DSS reports. Supporting various departments by collecting and coordinating internal compliance data with auditors and various departments. Ensuring complete, accurate, and timely audit information is reported to Management and/or Risk Committees. Qualification Bachelor's degree in computer science (B. Tech, BE, BCA, or MCA), ISO 27001 :2013 LA Preferred, Experience in Audits and Assessments preferably covering ISO 27001, SOC 2 Type 2, GDPR, Client Audit and Privacy Regulations (GDPR) Experience in identifying and remediating threat & vulnerabilities. ***the candidate must have a very good communication skill

#Greetings from IDESABS!! Overall Budget Tracking and Reporting - Publish Budget report (Budget utilization tracking (month-on-month)) (Project budget accountability with Project Manager) - Expense tracking, Expense gaps management, Expense adjustments - Expense validation (planned vs. actual vs. adjusted) - Highlighting discrepancies / over-spends - Risk management (raise, maintain, monitor, and mitigate) for budget Vendor/Supplier Management - Support internal contract management (eg: TPRM) & Legal Clearance process (with PM) - Support for Vendor/Supplier Contracting and e-Memo process - Support for Vendor/Supplier Invoice management (leaves in timesheet, invoices). (PM to review the timesheet entries / activities) also, define and optimize the timesheet review process. Reporting a) WSR/Fortnight meeting with Management - Schedule meeting (and manage logistics) as per project governance plan - Schedule pre-consultations with stakeholders prior to meeting (as required) - Status report draft and publication [co-ordinate with respective PM/DM] - Draft, review and publish minutes of meeting post all status report meetings - Consolidate, assign, and track action item (until closure) with respective PIC b) SteerCo meeting [RSG Management and Project SteerCo] - Schedule meeting (and manage logistics) - Schedule pre-consultations with stakeholders prior to meeting (as required) - SteerCo deck draft and publication [co-ordinate with respective PM] - Draft, review and publish minutes of meeting post all SteerCo meetings - Consolidate, assign, and track action item (until closure) with respective PIC Project Management support and co-ordination a) Support to PMs - Maintain and track RAIDS register and report [co-ordinate with PMs] - Support for maintenance of stakeholder matrix for the project - Support for maintenance of communication plan - Support for new project initiation activities (project set-up, pre-consultation) - Support program manager for financial planning - Support on the Kessai process draft and submit application - Support PMs on Kessai drawdown process, review, and approval (Kessai Planning and approval managed by Prog. Mgr.) - Action tracking for the project and program activities (TO-DO tracker) b) Resource demand management and supply - Manage demand for APH program/project, forecasting and fulfilment - Create and maintenance of resource loading sheet (RLS) - Manage the resource requisition process (i.e. source, set-up interviews) - Management of resource leave management for project resources - Support on vendor resource onboarding process (laptop issuance, ID card, access & logistics)

Dear Applicants, Greetings from Teamware Solutions! Position: Third Party Risk Management Experience: 4-6 Years Location: Mumbai (Apply if you are in western line) Notice Period: Immediate Joiners Interested candidates can apply to the given Email ID: greeshma.t@twsol.com Job Description:- Develop a strong understanding of outsourcing regulatory requirements as they relate to outsourcing and how the Firm must meet those requirements Shepherd Intake Forms through the multiple project phases and ensuring the agreed Service Level Agreements (SLAs) and go live deadlines are met Provide project management support for the entire lifecycle of an engagement, to ensure that all project related deliverables are met (i.e., completion of calls, governance and regulatory requirements, clearance and acknowledgments from control groups, including Compliance, Tax, Legal, BU, etc.), including project status reporting Provide support to ongoing project initiatives Must have skills Third Party Program Engaging and Manage Stakeholder and their Reg. related requirements Vendor Management, Project Management, Stakeholder Management, Supply Management Understanding and some experience of Third Part program Looking for professionalism and maturity. Domain – Investment Banking

Role & responsibilities Skillset : SDLC , TPRM Assessments & Cybersecurity (Major requirements or primary skillset) Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google). Job Description: Security, Risk and Technology Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls. Understanding and application of information security standards and best practices including NIST Cybersecurity Framework, ISO 27001-4, CoBIT, Cloud Security Alliance, etc. Ability to identify risks, quantify them, and help recommend and design mitigations. Broad knowledge of Unix, Linux, Windows and mainframe server environments. Knowledge of various database platforms. Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google Cloud or Oracle Cloud) Education / Experience: Security, compliance, audit or risk covering a wide area of technologies and security domains including those previously mentioned. Financial industry or highly regulated industry background (Insurance, Banking, etc.) Project work experience with a recognized security, audit, or risk consulting firm a plus CISSP, CISA, CISM or other security/control certifications a plus. Bachelors degree or higher – preferably in Computer Science, Engineering, or a related scientific fields Communication Excellent verbal and written communication skills Ability to develop and QA/oversee development of high quality project artifacts Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to business people, in technical terms to technical people) Able to develop and present dashboards Engagement Proven ability to engage with customers (IT and Business) and consultants in a highly professional and competent manner. Understanding and experience with project life cycles using proven methodologies – from analysis through implementation with hands-on deliverable development. Ability to work in a matrix reporting environment A practiced ability to influence peers, customers and project teams to make security minded decisions and changes Ability to scope projects, developing project charters, requirements, documenting issues and work plans, vendor selection, product/process design and implementation, change management/communication a plus.

The Senior Resilience Analyst Third-Party is a versatile and innovative risk professional who can support all aspects of Resilience, including Business Continuity, Disaster Recovery and Corporate Crisis Management. You will be responsible for supporting the implementation of a global, enterprise level and sustainable resilience framework in conjunction with a wide range of business stakeholders. About the Role: As the Senior Resilience Analyst, you will: Define the standard of adequate contingency plans for critical third- parties Wholistically pull the together the internal and external plans in case of third-party disruption Work with critical TR stakeholders to inform them of the Resilience framework and its importance. Will play a critical role in the mapping of vendors against critical operations as part of the operational Resilience Program Work with Third-party risk management team to review and approve Business Continuity and Disaster Recovery clauses Deliver subject matter expertise on resilience control function responsibilities within the Third-party lifecycle activities. Have an in-depth knowledge of Business Impact Analyses and work with key stakeholders to get them completed. Deliver BIA training sessions for process and asset owners to better familiarize them of expectations and requirements. Support the implementation of common resiliency and recovery taxonomies and policies. Identify business processes and then work to ensure they are resilient. Meet KPIs for process identification and BIA completion. Leverage BIA output to design new recovery strategies and refresh existing strategies for maintenance and resumption of operations to meet business requirements. Document the strategic information captured through the BIA within standardized business recovery plan templates to support the execution of strategies and the continuation and recovery of business activities. Work with the other teams in Risk and Compliance to drive efficiencies and risk mitigation capabilities across the Risk and Compliance organization. Work together with Third-Party Risk to identify critical third-party vendors (leveraging BIA output) and begin to co-develop recovery strategies with vendors to support continuity of services. Support the enterprise-wide Crisis Management process and integrate escalation and response protocols into the Resiliency function. About you: A Bachelors degree level in relevant subject (e.g., Business Administration/Management, Economics, Finance, Technology, Innovation) 5+ years in a similar role or any valid combination of education and experience Versatility to understand various and complex subjects to adequately build collaborative, productive and trust-based relationships within the business segments and functions Solid experience in creating, editing, and proofreading executive-level documentation and material Proven ability to take initiative and influence within a matrix organization to achieve results Knowledge of controls in business and technology environments (e.g., SOx) Expert knowledge of MS Office (Word, Excel, PowerPoint) Strong knowledge of GRC tools, specifically Fusion Excellent organizational skills and attention to detail, with the ability to autonomously set and meet deadlines Additional key differentiators would be: Hands-on experience in the design and scaling of a Resilience Framework and enhancing organisational maturity. In depth knowledge of ISO 22301. In depth knowledge of Fusion, including process automation. Technology fluency: Knowledge of PowerBI, Tableau and good understanding of technology concepts such as AI, ML, RPA, and data science.

Understanding the requirement to conduct comprehensive information security risk assessment of 3rd party service provider (TPRM) who will provide new services/applications Plan and conduct periodic assessment of existing vendors as per organizations

Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.

Role & responsibilities About the job At Sanofi we chase the miracles of science to improve peoples lives. We are dedicated to making a positive impact on the lives of the patients and families we serve, and we accomplish our goals through world-class research and with the compassion and commitment of our employees. As we continue to transform the practice of medicine, the next chapter of Sanofis Play to Win strategy will require a focus on delivering transformation and simplification of our core processes, optimizing resource allocation and deployment to fuel business growth and investment in science. To facilitate this transformation, a new Business Operations Business Unit is being established, bringing together existing business service activities, and driving further expansion of centralized services at scale into a global unit, with a focus on driving simplification, efficiency, and productivity. This new Business Unit will enable the delivery of best-in-class business support capabilities across the organization, incorporating and engaging disparate teams from across areas such as R&D, M&S, the Corporate Functions and GBUs into new global Service Delivery Towers with initial services spanning Commercial, Finance, Procurement and People & Culture. Reporting to the Head of Procurement Risk Assurance, the Risk Assurance Analyst plays a critical role in assessing and managing risks. The incumbent supports the development and execution of strategies to ensure sustainable supplier relationships align with Sanofi's business objectives. Responsibilities: Risk Assessment : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. Compliance : Collaborating with procurement teams to drive adherence and enhance controls across the E2E Procurement lifecycle. Ensure compliance with relevant industry standards and regulatory requirements. Reporting and Data Visualization: Generate regular reports and dashboards for TPRM process and Supplier risk factors, compliance metrics, and key performance indicators for stakeholders and leadership. (Power BI, COUPA Analytics preferred) Collaboration: Work closely with Procurement, GBUs and Risk Domain Experts to integrate risk management practices into the supplier relationship lifecycle. Continuous Improvement: Identify opportunities for enhancing risk management processes, implementing best practices to drive positive outcomes. share resume to nedunuri.saikumar@manpower.co.in IT ISA CONTRACTUAL ROLE FOR 1 YEAR AND WILL BE RENEWED YEARLY

Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.

Step into a leadership role as a Controls Assurance Manager , driving risk and compliance strategies across the business. You will conduct control testing, oversee issue assurance, and collaborate with senior stakeholders to enhance governance and security frameworks. Location : Mumbai/Pune Your Future Employer: Join a global leader in enterprise security and technology, providing robust governance, risk, and compliance (GRC) solutions. Be part of a dynamic team that ensures regulatory excellence and operational resilience. Responsibilities: Performing control testing across Third Party Risk Management, Operational Resilience, Data & Privacy. Overseeing and supporting the Technology controls testing team. Supporting Issue Assurance processes and validating closure packs. Assisting management in remediating control gaps and implementing improvements. Building strong relationships with key stakeholders and senior leadership. Enhancing IT risk efficiency through innovative approaches. Requirements: Graduate in any discipline. 8+ years of experience in Technology and/or Security Risk Management. Strong knowledge of risk management frameworks and three lines of defense practices. Experience in Financial Services, IT Risk, and Operational Resilience. Certifications like CGEIT/CRISC would be an advantage. Whats in it for you: Opportunity to work with global stakeholders and industry leaders. A dynamic work environment with cutting-edge technology risk practices. Career growth in enterprise security and governance.

Job Description : Approve, within the given mandate, all tier 2-4 Vendor assessments. Advice Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings Exp : 3+ years Expertise with Vendor Risk Management, GRC, and ISO 27001. Shift timing : 1.00 PM-10 PM IST Hybrid mode of work Location : Hyderabad Notice Period : Immediate- 30 days only.

Role & responsibilities Are you passionate about data, reporting, and stakeholder collaboration? We're looking for a results-driven professional with strong experience in KPI reporting using Power BI , excellent stakeholder coordination skills, and a solid background in IT processes . In this role, you will: Prepare and deliver high-impact meeting decks and committee materials Generate insightful KPIs using Power BI Collaborate with international teams (Paris/Central PMs, TPRM) Support DORA KPI/SLA reporting initiatives Experience working in an international and collaborative environment is a big plus! If you're a detail-oriented, communication-savvy team player who thrives in a dynamic environment, we want to hear from you

Job Title: Transversal TPRM Reporting Analyst Department: Global Banking IT Location: Chennai Experience Required: Minimum 5 years Position Purpose: We are seeking a highly analytical and detail-oriented TPRM Reporting Analyst to join the Global Banking IT Transversal Team. The role requires the preparation and analysis of reports and KPIs using Power BI, with coordination between onshore and offshore stakeholders, especially Paris/central project managers and the ISPL TPRM or Central TPRM teams. Key Responsibilities: Primary Responsibilities: Create and maintain meeting decks and reporting materials for internal committees and stakeholder updates. Build, update, and optimize KPI dashboards and reports using Power BI. Coordinate with Paris-based and central project teams to gather required data and insights. Work closely with ISPL/Central TPRM teams to ensure reporting alignment and accurate data delivery. Ensure all necessary stakeholders are aligned and prepared for committee meetings. Contributing Responsibilities: Provide support on DORA KPI/SLA topics in collaboration with project managers and functional leads. Contribute to the development of processes for performance monitoring and reporting. Technical Competencies: Proven experience and proficiency in Power BI and KPI dashboard creation. Strong skills in Microsoft Excel and PowerPoint for reporting and presentations. Working knowledge of IT processes and service management. Familiarity with SharePoint for collaboration and documentation. Behavioral Competencies: Excellent communication skills (both oral and written) with the ability to manage stakeholders across geographies. Strong attention to detail and organizational skills. Collaborative, customer-focused mindset with the ability to thrive in a team environment. Initiative-driven and capable of working independently in a fast-paced, global setting. Preferred Qualifications: Prior experience working in an international/global team environment. At least 2–3 years of experience in handling TPRM or risk reporting processes. Experience producing and managing statistical reports, performance indicators, and SLAs.

About The Role Experience - 15+ years Location - experience and exposure of implementing following ServiceNow applications/module/process ITSM ITOM (Discovery and CMDB CSDM model) Performance Analytics and Reporting Software Asset management GRC/IRM/TPRM/BCM SecOps (Security Incident and Vulnerability Management) Third Party B2B Integrations using REST and SOAP APIs MID Server Setup and Administration Service Graph Connectors for MS Intune and AWS Discovery ? AWS Event based discovery Platform upgrade and clone administration ServiceNow Mobile Applications Service Portal, , Dashboards and Reports Performance Analytics Flow designer ITSM Virtual Agent Service Graph Connectors for discovery of AWS and MS Intune ? Optimized ServiceNow implementation by analyzing business processes and recommending system enhancements. Streamlined service delivery with the development of custom applications and workflows within ServiceNow. Managed complex integrations between ServiceNow and third-party systems to improve data flow and automation capabilities. Provided ongoing support for implemented solutions, addressing issues promptly to maintain optimal system performance. Led cross-functional teams in the execution of strategic initiatives related to ServiceNow adoption across the organization. ? Assisted clients in defining clear project requirements, translating them into actionable plans for successful solution deployment. Contributed to process improvement efforts, identifying areas for optimization within existing service management procedures. Collaborate closely with stakeholders at all organizational levels to understand their needs and tailor solutions accordingly within the ServiceNow platform. ? Mandatory Skills: Servicenow-Development. Experience8-10 Years. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Tata Consulting Engineers Limited is looking for Business Support - Consultant - Technology Vertical to join our dynamic team and embark on a rewarding career journey Customer Assistance: Providing timely and helpful support to customers who reach out with inquiries, problems, or requests for assistance Issue Resolution: Diagnosing and troubleshooting technical issues, product malfunctions, or service disruptions, and offering solutions or workarounds Technical Expertise: Demonstrating a deep understanding of the products, services, or systems being supported, and staying updated on changes and updates Communication: Communicating with customers via various channels, such as phone, email, live chat, or in-person, in a professional and courteous manner Documentation: Recording customer interactions, including the nature of the issue and the steps taken to resolve it Product Knowledge: Maintaining a strong knowledge of the company's products, services, or systems to provide accurate and effective support Training and Education: Assisting customers in understanding and effectively using the products or services by providing guidance and training

About The Role : Job TitleInformation Security Analyst, AS LocationMumbai, India Role Description CRO DCO Resilience team Manages and Governs various risk types for Chief Risk Office (CRO) including but not limited to Information Security, Data Protection, Records Management, Business Continuity, Vendor / Third Party Risk Management (TPRM) The Resilience team in India is a part of CRO's Divisional Control Office (DCO) responsible for Governance on various risk types Information Security Analyst will be responsible for ensuring governance on information security and other risk types for various CRO Functions Information Security Analyst will support CRO DCOs efforts to identify, analyse and report the non-financial risks of the CRO Function, thereby ensuring that Group and Functional standards are consistently applied. The candidate is required to demonstrate very good understanding of risk management activities, paired with strong stakeholder management and Microsoft office skills. The role will have full exposure to all areas within CRO and requires working closely with a variety of stakeholders. The role has considerable scope for professional development across the Risk Management domain What we'll offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities As the Information Security & Technology Analyst your responsibilities will include (but not be limited to): Assume ISO ownership for assigned Risk applications Ensure execution of Information Security risk assessments and compliance evaluation Ensure implementation of controls for identified Information Security and Technology risks for designated business applications and functions Ensure implementation and maintenance of Identity and Access Management processes, as well as execution of periodical recertification of User Access Rights Ensure annual validation of key application documentation, including KOP and User access matrix for each assigned application and activities Provide timely updates to the DBISO and/or Risk Chief BISO regarding afore mentioned tasks Ensure accuracy of application entries regarding Information Security in the Group inventory of applications (NAR) Engage and create a positive network across external teams like Technology, respective functions, Chief BISOs, Risk type managers etc. Treatment of escalation questions regarding problems as well as assessments of potential violations of regulatory or internal guidelines regarding Information Security Cooperation in improving existing processes and workflows as well as independent implementation of new processes Regular attendance at scheduled meetings and telephone conferences, e.g., presentations of work results to senior decision-makers/workgroups, processing of meetings and telephone conferences (preparation of agendas, if needed, keeping the minutes) Management of urgent activities at short notice Management of enquiries from auditors and regulators Your skills and experience Core understanding of non-financial risk. Good understanding of risk management activities and internal control frameworks. Strong analytical skills to interpret and analyse data. The ability to successfully navigate a complex organisation, build strong relationships and work collaboratively with diverse stakeholders across the bank Very good Microsoft Office skills, particularly Excel and PowerPoint A sound knowledge of Information Security would be preferred along with Information Security Certifications / skills How we'll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

Role & responsibilities ISMS or Third-Party Risk Assessments Ability to effectively liaise with clients and manage stakeholder expectations Work with client teams from various depts. Such as compliance teams, auditing and regulators to identify and document various requirements/obligations Conducting risk assessments and audits with respect to people, process and technology Identification of gaps/observations, risks, opportunities and improvement of policies, processes, procedures and standards Documenting information security risk, recommendation and compensating controls in the form of assessment/audit reports Desired qualifications Relevant 6+ years of experience in Third party risk management Highly preferred certifications - ISO27001, CISM , CRISK, CISA. Relevant years of experience in IT Audits, Cloud security Experience with ISO22301 implementation and audits Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment\ Understanding of Third party/vendor/supplier risk management considerations Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management Excellent written/verbal communication Excellent documentation and presentation skills Highly motivated and willing to work in local and global environments Security certifications like CISSP, CISA, CISM, CEH, ISO27001 Work experience in Infrastructure / Application Security Work experience in IT Audit Work experience in Information Risk Management

Join the Thomson Reuters enterprise Third-Party Risk Management function to help strengthening the control landscape and support the establishment of new, and delivery of existing core processes designed to evaluate and manage risks associated with external business relationships About the Role: Be a leader: Lead, mentor, and coach a small to medium-sized team of individuals sitting in different locations, fostering a culture of collaboration, professional growth, and excellence in service delivery. Be customer-focused: Ensure consistent and SLA-aligned delivery of high-quality, enterprise-wide services such as identity verification, supplier, partner and customer screening, engagement-level risk assessment, ongoing monitoring and more. Be capability-oriented: Support the development and implementation of data-driven routines to build an operational centre of excellence within the Risk & Compliance organizaation. Be a partner: Collaborate with stakeholders across Sales, Partnerships and Alliances, Global Procurement, General Counsel, Technology, Information Security, and other functions to align TPRM processes with business objectives. Be a change agent: Identify opportunities for process improvements and efficiency gains within the framework, leveraging emerging technologies such as automation and AI to enhance operational performance. About you: 12+ years of overall experience, with 8+ years of relevant experience in risk management, procurement, administrative management, or third-party risk management; and at least 3+ years of experience in a leadership or team management role. Demonstrated ability to build and lead a team, promoting diversity, inclusion, and a focus on continuous improvement. Strong interpersonal skills with the ability to work with diverse stakeholders at varying levels of seniority. Natural curiosity, adaptability to navigate uncertainty, and comfort with ambiguity in a fast-paced environment. Proven ability to support and enhance policies, procedures, and operational processes in collaboration with key business stakeholders and across various domains. Strong business acumen and commercial awareness, with the ability to think strategically and make sound business judgments.

Hiring for TPRM with BI in one of our prestigious banking company . Role : TPRM Exp : 5-9 years Notice Period : Immediate - 30 days Job Location : Chennai Work Mode: Hybrid **Interested candidates drop your resume to saarumathi.r@kiya.ai Job Summary: We are seeking a detail-oriented and proactive professional to support Third-Party Risk Management (TPRM) activities, committee meeting preparations, and regulatory compliance processes. The role will involve close collaboration with project managers, vendor management teams, and stakeholders across different geographies including Paris and central teams. The ideal candidate will have experience in KPI reporting using Power BI, strong coordination skills, and a solid understanding of IT and risk processes. Key Responsibilities: Primary Duties: Prepare meeting decks and facilitate committee meetings with internal and onshore stakeholders. Produce KPIs using Power BI and support the risk committee meetings by generating required reports and insights. Coordinate with Paris/Central project managers and ISPL TPRM/Central TPRM team to ensure the availability of accurate data for reporting. Assist in identifying, assessing, and mitigating risks associated with both internal and external suppliers. Coordinate and facilitate Vendor Management risk assessments, resolving associated issues. Ensure third-party risk assessments are completed in collaboration with TPRM stakeholders and central teams. Identify risks within Service Level Agreements (SLAs) and support mitigation strategies. Monitor and document risks using the R360 (Risk 360) tool. Follow up with stakeholders during the entire risk assessment process. Ensure third-party engagements are aligned with contractual obligations and TPRM requirements. Contributing Responsibilities: Provide support for the Digital Operational Resilience Act (DORA) European regulation by assisting Project Managers and stakeholders in monitoring third-party performance and resilience. Technical & Behavioral Competencies: Technical Competencies: Strong knowledge of IT processes. Proficiency in Microsoft Office tools, especially Excel and PowerPoint. Experience with Power BI for dashboarding and KPI reporting. Working knowledge of SharePoint for documentation and collaboration. Behavioral Competencies: Excellent communication skills for effective stakeholder management. Customer-focused mindset and ability to work collaboratively. Team-oriented with a proactive and initiative-driven attitude. Qualifications: Bachelors degree in Information Technology, Business, Risk Management, or a related field. Experience in third-party risk management, vendor assessments, or IT governance is a plus.

GRC professional with good understanding of industry frameworks and standards 2. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 3. Strong business and communication skills 4. Experience in driving meetings with stakeholders 5. Provide advisory and consulting to client on new trends and challenges in enterprise risk management area 6. Experience in design and development of information security policies, standards, and guidelines 7. Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA 8. Lead and drive meeting with top management 9. Design / modify Contract security language / security clauses 10. Co-ordinate and negotiate security clauses with Procurement team and Supplier 11. Experience on GRC platforms 12. Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations 13. Well versed and hands-on experience for establishing processes, controls and audits of compliances like HIPAA, CFR, PCI DSS & SOX ITGCs. 14. Documentation of as-is IT & Risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations 15. Work with the client & technical teams for change request on any risk or control implementation as well as governance process 16. Participate in internal as well as external regulatory as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

About The Role : Job Title Vendor Risk Manager AVP LocationPune, India Role Description Vendor Management is responsible for the service relationship with a vendor on a transactional level and for transactional vendor related support tasks. Work includes Managing or performing strategic sourcing work to manage risk and optimize the value/resilience of materials/services sourcing including Establishing supplier relationship management processes and continuous improvement goals/programs Negotiating contracts and coordinating supplier integration plans with internal clients Monitoring market dynamics that impact materials/services availability and/or pricing Partnering with internal clients to identify sourcing needs, develop buyer/market profiles, identify marketplace trends, and define acceptable service levels What we'll offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Y our key responsibilities Vendor Risk Management (VRM) is the framework/process for identifying and managing the risks arising from working with third-party vendors (internal and external). All vendor relationships and transactions are assessed and those carrying higher inherent risks are subject to a more granular assessment. SO (Service Owner) role is responsible for owning the service and providing comprehensive details, responding to tasks in the VRM process when necessary. Your role Taking end-to-end ownership of each assigned Vendor Risk Management (VRM) Engagement Requests for an engagement as SO. Follow-up with Vendors point(s) of contact for responding to all Control questions raised during VRM process for an engagement. Escalations to be triggered as required. Attending all trainings and workshops defined as mandatory by internal Third-Party Risk Management (TPRM) teams. Keeping yourself familiarized and updated on all latest Policies and Procedures published by the various Risk Management Functions within Deutsche Bank. Keeping yourself familiarized and updated on control requirements of the latest Security Control for Third Parties (SCTP 4.0) and explain the same to vendors to ensure that appropriate evidence is shared by the vendors, which satisfy the Control requirement. Ensuring appropriate due diligence before Third Party Management (TPM) review initiation and familiarity with Risk Type Controller (RTC) requirements in advance Providing comprehensive and transparent details about the owned Engagement Request in the TPM platform in a timely manner Ensuring that the data provided about the owned Engagement Request are kept up-to date, in line with the TPM Key Operating Documents Performing VRM Process tasks when prompted by TPM and/or RTCs Notifying the relevant RTCs whenever gaps are closed, deadlines cannot be met or full mitigation is not possible, Remediating gaps identified for the Engagement Request and implementing mitigation plans, Reporting gaps by raising Self-Identified Issues (SII) in an engagement and follow-up for closure/mitigation on a timely basis, in line with the remediation plans shared, Addressing unmitigated risks/gaps in accordance with the Operational Risk Management Policy, TPRM Policy, TPRM Procedure and TPM Key Operating Documents, Ensuring the service does not commence before the VRM review is completed, Ensuring that no contract is signed, or service is delivered to any Deutsche Bank Legal Entity for which Compliance deemed the service prohibited, Ensuring adherence to contractual obligations by Vendor Ensuring compliance to Regulatory guidelines Timely submission of accurate data to Regulators. Liaising with Divisional Vendor Management Office (DVMO) resources for closing any open points related to the engagement requests, Ensuring all strategies and plans eg. Termination Exit Plans, Termination Exit Strategies, etc. related to an engagement are documented, agreed between the relevant stakeholders, and reviewed / updated on defined intervals. Ensuring that Monthly, Quarterly Governance meetings with appropriate stakeholders are conducted and the details documented in line with the SDM requirements, Ensuring monthly feedback / review is completed for all engagements in scope and the details are documented in the designated portals in line with relevant policies. Ensuring annual audits are budgeted, planned, and conducted for the identified vendors and follow-up to ensure all open findings are remediated by vendor. Your skills and experience Excellent skills and experience / technical knowledge in handling data/information security audits in Banking / Financial environments Minimum 10 years Knowledge and experience with handling / responding to controls around IT Security audits, Financial Audits eg. SOX IT (SOC) audits, ISO 27001:2022, PCI-DSS, etc. Working with multiple teams to remediate open findings identified during internal / external audits including regulatory audits, IT Security audits, etc. Familiar with security requirements for Banking applications and environments, A great team player who is comfortable in working and coordinating with diverse people from both internal as well as vendor teams, Excellent communication and mentoring skills, Experience with distributed, multi-locations teams, Able to inspire and motivate people and multi-disciplinary, self-organized teams, Any Certifications in areas of Information Security or Vendor Management is a plus, Professional level of English is mandatory. How we'll support you Training and development to help you excel in your career. Coaching and support from experts in your team A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Role & responsibilities We are seeking enthusiastic & technically savvy professionals to support the current team with the execution and management of engagements in our current and future Client portfolio. Information Security Governance, Privacy and Compliance and Security Assessment experience with a focus on IT and IS Risk Assessments and program reviews / establishment. Understanding on ISO 27001/ NIST 800-53/ PCI-DSS Interacting with onshore engagements and clients directly performing Vendor or Third-party security assessments Business Continuity planning and Disaster Recovery implementation and review experience. Perform remote assessments independently. Independently write reports of the assessments based on the discussions during remote reviews. Perform second level quality review of the reports written by peers/junior resources.