About Client:
One of our MNC clients offers technology consulting and digital solutions to global enterprises across industries, enabling transformative scale at unparalleled speed. With 145,000+ professionals across 90+ countries helping 1100+ clients, it provides a full spectrum of services including consulting, information technology, enterprise applications, business process services, engineering services, network services, customer experience & design services, AI & analytics, and cloud & infrastructure services. It is the first Indian company in the world to have been awarded the Sustainable Markets Initiative's Terra Carta Seal, in recognition of actively leading the charge to create a climate and nature-positive future.
Job Overview:
We are looking for a highly skilled and experienced Third-Party Risk Management (TPRM) professional to join our team. The ideal candidate will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors, contractors, and service providers. This role ensures that all third-party relationships comply with organizational standards, regulatory requirements, and industry best practices.
Key Responsibilities:
- Third-Party Risk Assessments: Conduct risk assessments for all third-party vendors, focusing on areas such as security, privacy, financial stability, regulatory compliance, and operational impact.
- Risk Mitigation: Develop and implement strategies to mitigate risks associated with third-party relationships. Collaborate with stakeholders to address identified risks and implement controls.
- Due Diligence: Perform thorough due diligence before engaging with new third-party vendors, ensuring alignment with the organization's risk tolerance and regulatory requirements.
- Ongoing Monitoring: Continuously monitor third-party relationships for emerging risks, changes in business operations, compliance, and security posture.
- Vendor Audits and Assessments: Coordinate periodic audits and assessments of third-party vendors to evaluate performance, security, compliance, and risk management practices.
- Contract Management: Review and provide input into third-party contracts, ensuring that risk-related clauses, such as data protection, security, and compliance requirements, are included.
- Collaboration: Work closely with procurement, legal, IT, compliance, and other departments to ensure a comprehensive third-party risk management framework.
- Reporting: Prepare and present regular reports on third-party risk status, trends, and issues to senior management and relevant stakeholders.
- Regulatory Compliance: Ensure that third-party risk management processes comply with relevant regulations (e.g., GDPR, SOC 2, PCI-DSS, HIPAA).
- Incident Management: Act as the primary point of contact for any third-party related security incidents or breaches. Work with vendors and internal teams to investigate and mitigate the impact of such incidents.
Required Skills & Experience:
- Risk Management Expertise: Strong understanding of risk management principles, frameworks, and practices, especially related to third-party risks.
- Vendor Management: Experience managing vendor relationships and performing risk assessments for third-party providers, contractors, and service providers.
- Compliance Knowledge: Familiarity with industry standards and regulations (e.g., GDPR, SOC 2, PCI-DSS, HIPAA) and their application in third-party relationships.
- Security & Privacy Knowledge: Understanding of cybersecurity principles, data privacy, and best practices in vendor security and compliance.
- Communication Skills: Strong verbal and written communication skills to interact with stakeholders across various departments and levels of the organization.
- Analytical Skills: Ability to evaluate risks, identify trends, and make informed decisions based on quantitative and qualitative data.
- Project Management: Experience in managing projects related to third-party risk management, including tracking deadlines, milestones, and deliverables.
- Technical Proficiency: Familiarity with risk management tools, vendor management software, and MS Office Suite (Excel, Word, PowerPoint).
Educational Requirements:
- Bachelor's degree in Business, Risk Management, Information Security, Finance, or a related field.
- Certifications such as Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC), or similar are a plus.
Desirable Skills:
- Experience with enterprise risk management (ERM) frameworks.
- Knowledge of IT risk management and information security frameworks such as ISO 27001, NIST, or COBIT.
- Experience in handling complex, high-risk vendor relationships.
- Ability to work in a fast-paced, dynamic environment with a proactive approach to problem-solving.
Benefits:
- Competitive salary
- Health, dental, and vision insurance
- Retirement savings plan with employer match
- Paid time off and holidays
- Professional development and certification reimbursement
- Flexible working arrangements