TPRM | Mumbai Only | 4-8 years

3 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn

Work Mode: On-site

Job Type: Full Time

Job Description

Job Title: Consultant / Assistant Manager / Manager – Cybersecurity & Risk Management

Location: Goregaon East Mumbai (Need local candidates only)

Experience Level:

● Consultant: 3+ years

● Assistant Manager: 5+ years

● Manager: 7+ years

Education: Post-graduation (preferably in Information Technology, Computer Science, or related fields)

Certifications (Preferred/Required): ISO 27001 / ISO 22301 / CTPRM / CRM / CISA / CISM / CISSP / CRCM / CCSP / CRISC

Role Overview

We are seeking highly skilled professionals in Cybersecurity, IT Risk, and Third-Party Risk Management (TPRM) to join our growing team. The ideal candidate will have strong expertise in IT internal audit, information security controls, and regulatory compliance frameworks, with hands-on experience in performing risk assessments, vendor due diligence, and control testing.

Depending on experience and level, you will be responsible for executing, leading, or managing end-to-end risk and security engagements, including audits, vendor risk assessments, and policy development initiatives.

Key Responsibilities

For All Levels

● Conduct comprehensive risk assessments, including identification, evaluation, and mitigation of cybersecurity and operational risks.

● Perform IT internal audits and control testing aligned with ISO, NIST, GDPR, and PCI DSS standards.

● Execute and oversee vendor onboarding and third-party risk management (TPRM) processes.

● Evaluate and monitor compliance with information security frameworks such as SOC 1, SOC 2, and CSA STAR.

● Lead or contribute to incident management, business continuity planning (BCP), and regulatory compliance activities.

● Manage and maintain risk control frameworks and ensure effective risk reporting and communication with stakeholders.

● Participate in the development and review of policies, procedures, and key risk indicators (KRIs).

● Support continuous monitoring, due diligence, and vendor relationship management activities.

Level-Specific Expectations

Consultant (3+ years)

● Perform detailed control testing and IT/InfoSec risk assessments.

● Assist in developing risk mitigation strategies and preparing compliance reports.

● Collaborate with cross-functional teams for vendor due diligence and onboarding.

● Support automation and process improvement initiatives.

Assistant Manager (5+ years)

● Lead delivery of cybersecurity and TPRM engagements with accountability for timelines and quality.

● Mentor and guide junior consultants in performing risk and control assessments.

● Own client and stakeholder communication, ensuring alignment with business objectives.

● Drive process improvement, policy enhancement, and operational risk management.

● Contribute to risk reporting, KRIs, and SLA/metrics review.

Manager (7+ years)

● Lead programs and large-scale cybersecurity or TPRM projects end-to-end.

● Drive business growth initiatives and contribute to the organization’s top-line expansion.

● Build and maintain executive-level relationships with clients and vendors.

● Oversee development of risk scoring modules, contract risk management, and procurement risk frameworks.

● Champion emerging technologies, automation, and AI adoption in risk processes.

● Manage and develop teams to deliver high-impact results.

Technical Skill Requirements

● Strong knowledge of IT internal audit, cybersecurity, IT SOX, SOC 1/SOC 2, and Third Party Risk Reporting.

● Expertise in frameworks: CSA STAR, ISO 27001, NIST, PCI DSS, GDPR.

● Experience in control testing, network security, infrastructure assessments, cloud security, and application security.

● Proficiency in risk assessment, due diligence, and continuous monitoring methodologies.

● Exposure to risk scoring, KRIs, and SLA management.

Desirable Skills

● Knowledge of AI, data analytics, process automation, and policy development.

● Experience with training and awareness programs.

● Proven record of awards and acknowledgements in cybersecurity or risk management.

● Strong analytical, leadership, and communication skills with a growth mindset.
