
TPRM Consultant
3 weeks ago
Kanpur, Uttar Pradesh, India
Cubical Operations LLP
Full time
Job Title: TPRM Manager
Location: Bangalore and Gurgaon (Work From Office)
Experience: 2+ Years
Employment Type: Full-Time
Job Summary:
We are seeking an experienced and proactive Third Party Risk Management (TPRM) Consultant to join our growing risk and compliance team. The ideal candidate will be responsible for managing the end-to-end third-party risk lifecycle, driving compliance with regulatory and organizational standards, and collaborating with cross-functional teams to ensure robust information security and risk management practices.
Key Responsibilities:
- Lead and manage third-party risk assessments across vendors, service providers, and partners.
- Evaluate vendor controls around cybersecurity, data privacy, compliance, and operational risk.
- Collaborate with procurement, legal, IT security, and business teams to ensure third-party risks are identified, assessed, monitored, and mitigated effectively.
- Ensure compliance with ISO 27001, regulatory requirements, and internal GRC frameworks.
- Develop and maintain TPRM documentation, policies, processes, and metrics.
- Work closely with audit and compliance teams for periodic reviews, internal audits, and external regulatory audits.
- Monitor vendor performance and maintain an updated risk register.
- Conduct control testing, review vendor SOC reports, and track remediation plans for non-compliance or control gaps.
- Provide training and awareness sessions on third-party risk, GRC, and IT security standards to stakeholders.
Required Skills and Experience:
- Minimum 2 years of hands-on experience in Third Party Risk Management (TPRM).
- Strong knowledge of GRC frameworks, ISO 27001, IT Audit, and Network Security.
- Experience with cloud security and assessing cloud-based vendors (AWS, Azure, GCP).
- Familiarity with regulatory frameworks such as GDPR, RBI, SEBI, etc.
- Experience in risk assessment methodologies, control frameworks (NIST, COBIT), and issue tracking/remediation processes.
- Strong stakeholder management, analytical thinking, and problem-solving skills.
- Excellent communication, documentation, and presentation skills.
Preferred Qualifications:
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Certifications such as CISA, CRISC, ISO 27001 Lead Auditor/Implementer, CISSP, or similar are a plus.
- Prior experience working in BFSI, IT/ITES, or consulting firms will be advantageous.
Immediate joiners preferred.