140 Tprm Jobs - Page 4

Role & responsibilities 2 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

5 years of exp in Service Now (Service New TPRM Module, GRC, IRM)- in combination if possible; Secops, (ITOM, CMDB, Service Mapping)- combination if possible Secondary Skill Microsoft office, Microsoft Project Interested candidates can share the profile to swathi.mba1085@gmail.com

Greetings from Northern Trust! We want to approach you for an exciting vacancy of Sr. Associate/Lead, Cyber Sec Risk Mgmt position with Northern Trust for Pune location. Your profile seems to be matching the requirement. Please find below the job details for your reference Job Role: Sr. Associate/Lead, Cyber Sec Risk Mgmt Job Location: Pune Experience: 7+ years Skills: IT Audit, IT Risk Mgmt, SOC Reports, NIST Frameworks, TPRM Job Description: Responsibilities: Perform information security risk assessment processes for new and existing Northern Trusts third parties business partners. Demonstrate some proven knowledge on some of the following domains: Information Security Governance and Risk Management Access Control Vulnerability and Penetration Network Security Application Security Cryptography Security Architecture and Design Operations Security Business Continuity and Disaster Recovery Planning Legal, Regulations, Investigations and Compliance Physical and Environmental Security Cloud Security Perform assessment of IT controls operation, identifying, gaps, risks and areas for improvement. Report writing skills. Knowledge on regulations related to banking and compliance Should be well versed with contract language, analysis and negotiation process. Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses. Responsible for working with procurement teams to formulate/renew the contracts as per the information security team guidelines. Responsible for documenting, and reporting to management, all findings from risk assessment processes. Collaborate with internal stakeholders & functional teams to ensure that all identified risks within each third party are assigned to business owners and tracked for timely closure. Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust. Foster a positive and collaborative environment. Demonstrate ability to work well in both an individual contributor and team capacity. Rapidly and effectively adapt to a highly dynamic and fast-paced work environment. Skills Preferred: Excellent written and verbal communication skills. Able to converse and develop business relationships with individuals and teams at any level within Northern Trust. Knowledge of IT Security Domains / Frameworks (e.g., NIST, ISO27001). Knowledge of Compliance regulations. Understanding of IT Audit process. In-depth understanding of information security, risk assessments, security risk management principles. Principle understanding of Technology controls relating to Application and system vulnerabilities Advanced experience with MS Office, SharePoint, and Reporting tools Ability to develop visual representations of processes and risks to support executive updates. We want to take it ahead for further screening and interview rounds. Please respond back at the earliest to move your candidature ahead. Regards, Northern Trust Talent Acquisition Team

Role-TPRM Location- Bangalore/Mumbai OVERVIEW KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills Selection Process Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills. Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

: Job TitleTPRM - Process Unity Specialist, AS LocationPune, India Role Description Process Unity Application expert for the design and development within Process Unity and its integration with different applications supporting software to meet TPRM business requirements. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Must have good knowledge of TPRM process i.e., process from sourcing/screening till the Exit plan. ProcessUnity Application functional expert should coordinate the design and development with in ProcessUnity and its integration with different applications supporting software to meet business requirement. SQL & Configuration expert having knowledge to write query for Changes build in TPRM application Support Operational Readiness Records for maintaining the regulatory compliance & Audit Assessments and Control function for Third party risk management process containing standard/high risk to low-risk process. Proven experience in overseeing Change Management processes with planning, testing, implementing changes ensuring seamless transitions. Develop and maintain comprehensive documentation on Change Management/Incident Management/Audit /Process Frameworks/ RCA etc. with clear framework reducing ambiguity and enhance team efficiency. Handle system administrator role, working on Service Requests and Jira changes. Utilize incident data to root causes and pattern, driving continuous improvement in process and application stability. Integration between different applications and maintenance of architecture layouts. Strong Stakeholder relationship as acting a layer between core IT integration and business to meet expected requirements. Maintain transparent and open lines of communication with stakeholders keeping informed about project progress, changes, and potential risk. Support the collection, analysis and production metrics on process data for KPIs to find out improvements. Your skills and experience Overall, 6-9 years of experience 3+ years experience on ProcesUnity Development How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

ServiceNow Business Analyst TPRM Experience: 39 Years Work Location: PAN India Role Summary: The ServiceNow Business Analyst for TPRM acts as the bridge between stakeholders and technical teams. This role involves gathering requirements, mapping processes, preparing user stories, and ensuring successful configuration of TPRM workflows on the ServiceNow platform. Strong communication and domain knowledge in third-party risk are essential. Required Certifications: ServiceNow Certified System Administrator (CSA)

Work location: PAN India ServiceNow Developer TPRM Experience: (6-9 Years) Role Summary: A mid-level ServiceNow developer focusing on implementing and customizing the TPRM module. Responsibilities include developing custom scripts, configuring forms, workflows, and integrating the TPRM application with risk scoring mechanisms, all while supporting agile delivery ServiceNow Developer TPRM Experience: 3–6 Years Role Summary: This junior-to-mid-level role involves development and support for ServiceNow’s TPRM module. The developer will work on workflows, scripting, assessments, and UI configurations to support third-party risk operations within an enterprise risk management framework. Required Certifications: ServiceNow Certified System Administrator (CSA) ServiceNow Certified Application Developer (CAD) – Optional ServiceNow Certified Third-Party Risk Management Implementer – Preferred

ServiceNow TPRM Architect Experience: 10+ Years Work Location: PAN India Role Summary: The ServiceNow TPRM Architect leads the design and implementation of complex Third-Party Risk Management (TPRM) and Integrated Risk Management (IRM) solutions on the ServiceNow platform. This senior-level role involves deep architectural design, integration planning, performance tuning, and guiding development teams. Ideal for professionals with extensive technical and functional experience in risk domains. Required Certifications: ServiceNow Certified Third-Party Risk Management Implementer ServiceNow Certified System Administrator (CSA) ServiceNow Certified Application Developer (CAD)

Skills Required: Primary: Service New TPRM Module, GRC, IRM) Secondary: ITOM, CMDB, Service Mapping

In Scope of Position based Promotions (INTERNAL only) Job Title: TPM External Engagement Manager Location: Pune, India Corporate Title: VP Role Description Third Party Management (TPM), part of Deutsche Banks Global Procurement function, is responsible for the processes that manage risks related to the engagement of third party vendors and outsourcing. TPM has been through a large-scale transformation program to change the approach, process and technology used for the vendor risk management process. In parallel, there has been a significant increase from regulators and auditors on vendor risk and the way in which it is managed within DB. Your key responsibilities Given the increased focus on vendor risk and the establishment of a Regulatory Engagement team within TPM, additional support is required to drive and co-ordinate a range of activities, falling into three main areas, Regulatory Analysis, Operational Management, and Content Production: Regulatory Analysis Advisory Build and drive: Create and maintain and up to date analysis of DBs compliance against Third Party Regulations Run the Regulatory Governance Forum, a governance meeting across first and second lines of defence (Global Procurement, TPRM, Legal, Compliance), which includes the below activities: Track the progress of new regulations against the banks Regulatory Compliance Management processes including: Understanding the key owners for each stage of in flight regulations Track and report the progress Escalate report risks and issues via the Regulatory Governance Forum Create Points of View papers for internal audiences for new and emerging regulations and consultation papers Operational Management: Be the primary contact for TPM issues for Asia Pacific region (and other regions as necessary), including all regulatory requests, Outsourcing governance forums and BAU questions. Relay feedback from APAC region into relevant global governance forums, to drive improved outcomes for DBs third party risk management approach Track and report on progress of Management of a communications plan to implement External Engagement activities Contributing to the development of processes to deliver effective management of Regulatory requests from regional, business and Regulatory Management Group Office stakeholders. Development and production of a reporting framework for Regulatory engagement. Creation and management of a repository of Regulatory engagement, peer benchmarking and external communication activity. Development and maintenance of a KOD to document External Engagement procedures. Developing strong relationships with key internal regulatory external audit facing functions Content Production: Responding to business and RTC requests for information to support regulatory audit responses regarding TPM VRM processes, providing high quality content to protect and enhance the reputation of the Banks third party risk management activities. Sourcing and developing credible content to support regulatory engagements, senior management communications and ongoing business and regulatory requests. Work closely with the External Engagement Lead and other stakeholders to agree and implement regular MI to support the TPM story to regulators. Develop deep functional understand of the Third Party Risk Management process and associated platform Functionality This role reports directly to the Lead, TPM External Engagement. Your skills and experience Deep understanding of key global third party regulations (MaRisk, EBA Outsourcing Guidelines, Interagency Guidance, PRA SS1/21, PRA SS2/21, DORA, MAS, HKMA, etc) Ability to influence and build collaborative relationships with a broad range of stakeholders Understanding of the third party risk management process Strong project management and organisational skills Ability to develop and deliver credible content Strong communication skills Self-starter, with the ability to work autonomously and drive engagement Strong attention to detail Ability to challenge the current operating environment Ability to identifying innovative value added solutions

Position Overview: We are seeking a highly experienced and strategic Third-Party Risk Management (TPRM) professional to lead and enhance our enterprise-wide third-party risk program. This role involves overseeing risk assessments, governance, due diligence, monitoring, and issue management for vendors, partners, and service providers across the organization. The ideal candidate will bring 10–12 years of expertise in risk management, information security, compliance, and vendor oversight, with the ability to collaborate across legal, procurement, technology, and business functions to ensure consistent application of third-party risk controls. Roles and Responsibilities Key Responsibilities: Lead the execution and continuous improvement of the Third-Party Risk Management lifecycle, including on boarding assessments, ongoing monitoring, risk reviews, and exit management. Oversee the development and implementation of TPRM policies, frameworks, and procedures, aligned with regulatory standards such as NIST, ISO 27001, SOC 2, GDPR, DORA, and PCI DSS. Conduct and review inherent and residual risk assessments for new and existing vendors across multiple risk domains (information security, compliance, financial, operational, etc.). Collaborate with procurement, legal, IT, business units, and compliance teams to integrate TPRM into sourcing and contract processes. Drive the automation and scalability of the TPRM program through use of GRC platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust). Manage third-party due diligence questionnaires (DDQs), control gap analysis, and track remediation efforts for identified issues. Prepare and deliver executive-level reporting and dashboards related to vendor risk posture, risk acceptance, and compliance status. Stay current on emerging regulatory requirements, supply chain risks, and third-party threats to inform program strategy. Support internal/external audits and regulatory reviews involving vendor risk management. Required Qualifications: 10–12 years of professional experience in Third-Party Risk Management, IT Risk, InfoSec, Audit, or related GRC functions. In-depth understanding of third-party risk domains, including cybersecurity, data privacy, business continuity, and compliance. Experience developing or managing TPRM frameworks and governance structures across global enterprises. Hands-on experience with TPRM tools such as ServiceNow GRC, Archer, OneTrust, Prevalent, or ProcessUnity. Strong knowledge of risk and control frameworks including NIST, ISO 27001, SIG, SOC 2, and GDPR. Proven ability to assess and report on third-party risk posture, remediation plans, and contract compliance. Excellent written and verbal communication skills with ability to influence technical and non-technical audiences. Preferred Qualifications: Relevant certifications such as CISA, CRISC, CISSP, CTPRA, CTPRP, or ISO 27001 Lead Auditor. Experience in regulated industries such as financial services, healthcare, or critical infrastructure.

: Job Title - Engineer Process Unity Consultant, AS Location - Pune, India Role Description This role offers a unique opportunity to be part of a high performing team implementing a strategic future state technology landscape for all of DWS Corporate Functions globally. An Engineer is responsible for designing, developing and delivering significant components of engineering solutions to accomplish business goals efficiently and reliably. Key responsibilities of this role include active participation in the design of their solution components, investigating re-use, ensuring that solutions are fit for purpose, reliable, maintainable, and can be integrated successfully into the overall solution and environment with clear, robust and well tested deployments. Engineers actively look for opportunities to improve the availability and performance of components by applying the learning from monitoring and observation, automating towards zero touch, and championing a 'DevOps' mind-set. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Individual contributor role for developments in ProcessUnity application Thorough understanding on ProcessUnity Third Party Risk Management (TPRM) architecture Exposure to data integration architecture and data transfer method between ProcessUnity and other data provider applications Understand business requirement and perform high level and low level estimation with technical solution approach Build and deliver projects as per the estimates Should have experience in Design and development in implementation projects Own technical delivery of individual components, working with Architects, Business Analysts etc. Driving continuous improvement and a high performance agile culture Ensure high quality standards by getting it right the first time. Your skills and experience 6+ years of experience in configuration and customization in ProcessUnity Strong knowledge on TPRM functionality Good communication and team player Working experience on data integration with ProcessUnity and other TPRM related applications Rigorous, resourceful, adaptable with good attention to detail and strong project ownership Strong configuration management skills How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

We have Immediate Openings on Third Party Risk Management (TPRM) for Contract to Hire role for multiple clients. Job Details Skills Third Party Risk Management (TPRM) Experience 5+Years Job Description : Third Party Risk Management Job Description: Conduct third party risk assessments in alignment with company security policies and industry standards Perform on site assessments of vendors to identify opportunities for improvement Provide input and aid in the development of policies focused on the security of third party business processes Foster relationships and influence the behavior internal teams and external parties Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively Complete monitor and control tasks triggered by supplier Tier and Third Party Interaction Model Collaborate with the line of business stakeholders to deliver year over year cost savings with managed third party relationships Assist in development and execution of category/supplier strategies Partner with internal budget owners to deliver against operating or marketing budgets Partner with appropriate stakeholders on contract negotiations for all managed third party relationships Qualifications for third party risk management: Minimum 4 years of experience developing and maintaining global vendor risk management programs CISSP, CISM, CISA, or CRISC certification preferred Solid understanding of information technology and security solutions Responsible for proper invoice review, reconciliation, and payment Monitor and ensure successful delivery against third party contractual obligations Assist in development of, and monitor, SLA's or key performance indicators for third party relationships

Role: Risk Associate Location: Chennai Experience: 3+ years Responsibilities Include: Direct Responsibilities Prepare meeting decks. Producing KPIs using Power-BI tool. Co-ordination for with Paris/central project managers and ISPL TPRM (Third party risk management) or Central TPRM team to ensure required data availability for reporting. Facilitate with all stake holders for prepare committee meetings. Contributing Responsibilities: Support on DORA KPI / SLA topics with Project Managers & stake holders Interested candidates can reach me through "srilekha.g@twsol.com"

Hello Connections!!! Greetings From Teamware Solutions We are #Hiring for Top Investment Banking. Position: Associate Location: Chennai Years of experience required: 2 to 5 years Notice Period: Immediate to 15 days Must have Skills: Risk Management, Power Bi, Dashboard & TPRM Direct Responsibilities: -Prepare meeting decks. -Producing KPIs using Power-BI tool. -Co-ordination for with Paris/central project managers and ISPL TPRM (Third party risk management) or Central TPRM team to ensure required data availability for reporting. -Facilitate with all stake holders for prepare committee meetings. Interested candidates can send their resumes to ramizun.s@twsol.com.

4+ years Information Security Governance, Compliance and Security Assessment, experience, with a focus on IT and IS Risk Assessments and program reviews / establishment. Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance. Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments. Please reach out to me by below Mail id/ Mobile number:- shiva.c@twsol.com / 8247636421

Skill - ServiceNow with GRC experience : GRC or IRM module Exp- 6 - 9 yrs Work model - Hybrid Mode ( 2 Days work from Office) Work location: Hyderabad/ Bengaluru/Pune/Mumbai/Chennai/Kolkata/Gurgaon Experience: Minimum of 7-10 years of experience in implementing GRC solutions and/or in ServiceNow/Archer/Aravo/OneTrust or cyber strategy. Well versed with at least 1 GRC tool such as ServiceNow/Archer/Aravo/OneTrust. Gathering and documenting business requirements and identifying gaps within existing systems and processes. Hands-on experience on at least 2 GRC modules (ERM, ITRM, TPRM, SecOps, Issues Management, Policy & Compliance Management, etc.). Hands-on experience in on-demand and out-of-the-box solution developments, access control, rules & events, notifications, data integrations, UI, reports and dashboards, workflows and other administrative activities in tools like ServiceNow/Archer/Aravo/OneTrust. Experience on Privacy Enhancement and Automation tools such as OneTrust. Proficient in risk management processes and compliance regulations. Proven experience in GRC, particularly within a consulting environment. Proficiency with scripting language in implementing API integrations with external system Must have development experience in more than 2- 3 projects from scratch to till go-live Strong understanding of GRC frameworks such as COBIT, ISO 27001, NIST, etc. Strong analytical and problem-solving skills. Excellent interpersonal and communication skills, capable of working effectively with clients and team members. Flexibility in work hours may be necessary to meet project deadlines and client needs If interested, share your profile on alisha.k@anlage.co.in Thanks & Regards Alisha

Role & responsibilities Candidate will be responsible for the following activities: Prepare meeting decks. Producing KPIs using Power-BI tool. Co-ordination for with Paris/central project managers and ISPL TPRM (Third party risk management) or Central TPRM team to ensure required data availability for reporting. Facilitate with all stake holders for prepare committee meetings Direct Responsibilities Prepare meeting decks. Producing KPIs using Power-BI tool. Co-ordination for with Paris/central project managers and ISPL TPRM (Third party risk management) or Central TPRM team to ensure required data availability for reporting. Facilitate with all stake holders for prepare committee meetings. Contributing Responsibilities: Support on DORA KPI / SLA topics with Project Managers & stake holders Preferred candidate profile Perks and benefits

Hello Connections!!! Greetings From Teamware Solutions We are #Hiring for Top Investment Banking. Position: TPRM Location: Chennai Years of experience required: 2 to 5 years Notice Period: Immediate Joiners Must have Skills: TPRM (Third Party Risk Management) & Power Bi Responsibilities: -Prepare meeting decks. -Producing KPIs using Power-BI tool. -Co-ordination for with Paris/central project managers and ISPL TPRM (Third party risk management) or Central TPRM team to ensure required data availability for reporting. -Facilitate with all stake holders for prepare committee meetings. Interested candidates can send their resumes to ramizun.s@twsol.com.

Job Role & responsibilities:- Develop and maintain Security Controls relating to 3rd Party suppliers. Carry out reviews/audits/risk assessments to ensure Third Parties are compliant to inhouse Security standards. Align 3rd Party security assurance to the group standards. Ensure Contracts include security schedules. Own relationships with third party suppliers and follow up on unresolved issues. Support, review and quality assure assurance Reporting and Dashboard Assess and develop a supplier information risk tiering to rate suppliers based on criticality of services to be delivered Engage with wider stakeholders to understand and gather supplier strategy and risk management requirements. Assess and develop a set of security requirements from Information policy framework to be included as part of supplier contract schedules Technical Skills , Experince & Qualification required:- Experince into Third party risk Management Bachelor degree in Computer Science, Engineering, or related field. An MSc Information Security would be desirable but is not essential ISO 27001 Lead Auditor certification strongly preferred In depth experience of Security domains, architectures and issues. Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) strongly preferred Immediate Joiners will be preferred only

Role & responsibilities Required Qualifications: • Bachelors/Master’s degree in Information Security, Business Administration, or related field. • 7+ years of experience in Third-Party Risk Management, with at least 2–3 years in a functional implementation role. • Proven experience implementing TPRM solutions using ServiceNow (or similar GRC platforms like One Trust, Process Unity, Archer). • Strong knowledge of third-party risk lifecycle stages and regulatory frameworks relevant to TPRM. • Experience creating and configuring risk assessments, scoring models, workflows, and reporting tools. • Ability to communicate effectively with both technical and non-technical stakeholders. • Excellent analytical, documentation, and stakeholder management skills. Preferred Qualifications: • Experience in delivering or supporting TPRM managed services or SaaS TPRM solutions. • Familiarity with continuous third-party risk monitoring concepts and integrations with external threat intelligence platforms. • Exposure to industry-specific TPRM frameworks (e.g., financial services, healthcare, etc.).

Position Purpose The candidate for the Third Party Risk Management role within the BNPParibas Operational risk team is responsible for providing independent oversight and strategic 2LOD guidance on the Third Party Risk Management domains across both direct and indirect areas of responsibility for the CIB APAC operating entities. Responsibilities Direct Responsibilities Be responsible for supporting the development and implementation of a CIB wide Third Party risk management program including ICT and non-ICT third parties. Successful candidate will have exposure to developing and implementing risk management programs in global organizations, with robust knowledge of technology, risks, architectures and related tools. Prior third party risk experience (IT, Cyber, Vendor management etc.) and exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred. Effectively challenge all aspects of the Risk and Control Self-Assessment (RCSA) of the business units under our remit, provide recommendations and follow up on their implementation Analyze risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of risk, concentration, trends and patterns and use it to assess the current control environment and recommend improvements where applicable Perform check and challenge of 1LOD mitigation plans, risk acceptances, permanent control action and audit recommendations, produce and communicate risk opinions and maintain working papers to substantiate and ensure objective basis for the risk opinions Collaborate with other 2LOD functions and teams across the Americas and Group on common priorities/projects Contribute to the successful execution of independent testing missions that are designed to evaluate TPRM risk identification and effective and sustainable mitigation. Perform independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. The individual will lead this effort from an independent risk assessment of these projects and will support vendor assessment and reporting the findings. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus. Implement the wider Enterprise Risk Management framework (HI, PI, RCSA, Recommendations and action plan follow-up) on the third party risks area. Contributing Responsibilities Technical & Behavioral Competencies Essential 5+ experience specifically in third party assessments. Bachelor degree in Business or Risk Management (or equivalent professional qualification). Team player focus on the success of the whole team. Working well both with others, as well as individually. Excellent stakeholder management skills. Experience in a Vendor risk management, Outsourcing risk management, Technology Risk, Information Security or an IT Audit role. Good listening and analytical skills being able to come to a thoughtful and business focused conclusion quickly. Ability to co-operate and work well with others adopting an approachable style Important as we work closely with a large and diverse set of suppliers and customers. Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well. Being rigorous and thorough especially when logging and tracking issues through to conclusion. Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management. Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Competencies Good knowledge of Information Security, Business Continuity, and IT Audit methodology and concepts. Understanding of the banking industry's regulatory requirements for managing of third parties Ability to articulate risk management concepts in business language. Excellent written and verbal communication skills. Proficient with Microsoft Office Suite. Prior experience documenting tool requirements to support risk management. Proven ability to manage issues through to resolution; skilled at making judgment calls. Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Knowledge of the English is required Knowledge of data analysis and visualization tools such as Tableau, Power BI, VBA is a plus Conduct Be a role model, supporting and fostering a culture of good conduct. Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks. Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.

Role & responsibilities Professional responsibilities for this manager position include but are not limited to: Applying internal control principles and technical knowledge, including Application Controls and IT General Controls; Developing and/or supervising the execution of detailed audit work plans for the IT audit component of the IA team through resource allocation, stakeholder coordination and quality review; Managing the identification of key risks and controls, including evaluation of control design; Evaluation of operational effectiveness of IT System Controls, utilizing appropriate testing techniques and professional skepticism; Providing regular status reports to IA management and internal clients/stakeholders, when necessary, to keep relevant parties informed of progress and potential issues; Assessing audit results, translating findings into level of risk, to produce meaningful insights and recommendations; Communicating risk findings, verbally and written, to clients in a pragmatic and helpful manner; Driving follow up and remediation of reported issues in a timely manner; Building meaningful relationships with clients through client engagements and networking; Managing and delivering against deadlines while working on multiple projects; Participating in development and delivery of training curriculum; and Coaching team members and reviewing their work. Minimum years of experience: 5+ year(s) of external/ internal audit experience (big four experience is preferred) Minimum Degree Required: Bachelors or master’s degree in accounting, Management Information Systems, Computer Science, Engineering or business related field Preferred Certifications: CISA, CISM, CISSP, CA and/or CIA Preferred Knowledge/ skills: Demonstrates extensive knowledge and/or proven record of success in the following areas: Security and controls for various on-premise and cloud-based technologies; Control standards (COSO, COBIT), control testing strategies; Public accounting practices and internal audit processes i.e., technology and tools for planning, testing and reporting; IT general controls concepts in the areas of system development, change management, computer operations and access to programs; Identifying and assessing business process controls and linkage to IT systems; and, IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, investigations and ethics. Additionally, candidates should have excellent communication (written and verbal) skills and should be able to work with global teams independently with minimal supervision. Flexible work hours are required to align with US and UK hours as agreed upon. SHift-2pm-11pm

This role will be part of TPRM process which would be part of Billing and Invoicing. Expectation from this role is to have an end to end understanding of TPRM. The role includes a considerable share of project work with interfaces to all involved departments. What well offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Your key responsibilities Implement and perform daily BAU of Third-Party Risk Management (TPRM) Gateway Control and Oversight processes Support Global Invoice Verification process centralization in cooperation with GF&B and SAP transformation project Check TPRM documentation Ensure correctness of invoice details and ensure compliance with legal requirements and contractual setup Oversight centrally all fee transactions, ensure all bookings are accurate and processed in time Analyze and resolve Cash-Breaks, perform reconciliation and past due review/follow-up Provide Data to finance and reporting department Cooperation with internal and external Stakeholdern (Procurement, Vertrags management, Finanzabteilung, Verwahrstellen, CRM und Audit) Constructively review new contract setups under consideration of its operational practicability Continuously challenge the operational status quo and support BAs and running project initiatives in cooperation with the SMEs Ensure process documentation, standardization and optimization Consider strategic goals respecting internal and external legal requirements such as Key Operating Documents (KOD), Service Level Agreements (SLA's), Key Performance Indicators (KPI's), Key Risk Indicators (KRI's) Ensure high quality oversight and reporting Mitarbeit an Projekten Your skills and experience Successfully completed business studies or comparable qualification Accounting skills, preferably in fund or financial accounting Experience in operations within asset management an advantage Product and system knowledge (Simcorp Dimension/Aladdin/SAP) an advantage Solid knowledge of MS Office applications (especially Excel) A strong willingness to learn and openness to explore new avenues Strong solution- and service-oriented communication skills, excellent written and spoken German and English Experience in dealing with internal and external customers and service providers Supportive team player Openness and ability to share information within the team and to convey specialist knowledge and expertise Initiative and a responsible willingness to improve the status quo and achieve measurable results Experience in operations within asset management and project an advantage Candidate should be B2 certified in German Language.

About the Role: We are seeking a highly experienced and strategic Security Architect with a strong focus on Governance, Risk, and Compliance (GRC) and Third-Party Risk Management (TPRM). This role is critical in enhancing our security posture, particularly within cloud and SaaS environments, and ensuring robust vendor and supplier security. The ideal candidate will possess deep security architecture expertise, strong analytical capabilities, and a proven ability to influence stakeholders across all levels of the organization, especially within the banking/finance sector. Key Responsibilities: Security Architecture & Strategy: Influence domain architecture and collaborate with business/technology owners to ensure alignment with stringent security requirements. Manage significant security decisions with senior management, Technology, and Business owners to ensure secure outcomes and adherence to appropriate governance practices. Proactively manage identified risks within the solutions risk posture, ensuring compliance within agreed Risk Appetite. GRC & TPRM Framework Enhancement: Collaborate with cross-functional teams to define and refine security-related processes, providing critical inputs to deliver enhanced vendor management, SaaS assurance, and monitoring frameworks. Actively participate in workgroups to identify areas for improvement and drive process efficiencies within GRC and TPRM. Assess and document existing SaaS applications in line with the enhanced vendor management framework, identifying control gaps, security risks, and proposing effective mitigation controls. Assess the root cause of control gaps and provide practical, achievable recommendations for risk mitigation. Stakeholder Engagement & Communication: Prepare clear and concise executive summaries to keep stakeholders informed of progress and seek guidance where applicable. Train other team members on the new frameworks and associated processes. Demonstrate strong business engagement and influencing skills, capable of navigating complex topics with fact-based analysis. Understand the trade-offs involved in balancing security requirements with business change, while simultaneously delivering technical capability and business benefit. Required Skills & Experience: Total Years of Experience: 10+ years in the Technology industry. Relevant Years of Experience: 3+ years of dedicated Security Architecture experience. 1+ years focusing on Cloud/SaaS Security. Mandatory Skills: Cloud/SaaS Security expertise. Strong background in GRC (Governance, Risk, and Compliance) with a focus on TPRM (Third-Party Risk Management). Core Technical & Domain Knowledge: Strong understanding of security principles, including threat modeling, controls, and risk assessment. Expertise in cloud security, particularly SaaS applications and third-party solutions. Experience with security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and other industry best practices. Banking/Finance experience is highly preferred. 3rd party risk/supplier security management is highly desirable. Soft Skills & Leadership Capabilities: Proven ability to collaborate effectively with diverse teams, including development, operations, and compliance. Excellent communication and presentation skills to effectively convey complex technical information to both technical and non-technical audiences. Demonstrated Decision Quality, Strategic Mindset, Situational Adaptability, Self-awareness, Courage, and Ensures Accountability. Desired/Secondary Skills: Experience interacting with Group Security Executives and Leadership Teams. Familiarity with Strategic Sourcing and Third-Party Risks teams. Engagement with Governance, Risk, and Compliance Technology delivery teams/executives. Collaboration with Architecture Strategy Advisory and Business domain Executives/Product Owners. Domain: Security Additional Information: Max Vendor Rate: INR 8,000 per day (excluding service tax). Background Check: Before onboarding. Shift Work: No standard daylight shifts. Working Model: Hybrid Assignment Duration: 12 Months Number of Openings: 1