Associate Director – Third Party Risk Management (TPRM)

Cubical Operations - We Hire

5 - 10 years

Mumbai

Posted: 21/12/2025

Job Description

Job Title

Associate Director – Third Party Risk Management (TPRM)

Location

Mumbai

Experience

10+ years of relevant experience

Preferred Background

Big 4 / Leading consulting firms

Global Captive Center (GCC) / Global In-House Center (GIC) experience strongly preferred (project or program-based exposure acceptable)

Role Overview

The Associate Director, TPRM, will lead and scale enterprise-wide third party risk management programs, with a strong focus on cyber risk, information security, and regulatory compliance. The role requires strategic leadership, stakeholder management at senior levels, and hands-on oversight of complex vendor risk engagements across global environments.

Key Responsibilities

TPRM Strategy & Governance

  • Lead the design, enhancement, and execution of Third Party Risk Management frameworks aligned with global standards and regulatory expectations.
  • Establish and govern the end-to-end TPRM lifecycle, including onboarding, due diligence, risk tiering, ongoing monitoring, and offboarding.
  • Define risk appetite, assessment methodologies, and escalation models for third-party and fourth-party risks.

Cyber & Information Security Risk

  • Oversee cyber and information security risk assessments for critical and high-risk vendors.
  • Review and challenge vendor controls across domains such as IAM, network security, data protection, cloud security, incident response, and BCP/DR.
  • Drive remediation plans and risk acceptance discussions with business and risk committees.

Stakeholder & Leadership Management

  • Act as a trusted advisor to senior leadership, risk committees, CISO office, procurement, legal, and compliance teams.
  • Lead client-facing and internal governance forums including risk review boards and executive steering committees.
  • Provide strategic guidance on regulatory findings, audit observations, and risk issues related to third parties.

Program & Project Management

  • Lead large-scale TPRM transformation or enhancement initiatives, including GCC/GIC setup or maturity improvement programs.
  • Manage multi-location teams and offshore/onshore delivery models.
  • Ensure consistency, quality, and timeliness of risk assessments and reporting.

Regulatory, Audit & Compliance

  • Ensure alignment with global regulations and frameworks such as RBI, SEBI, ISO 27001, NIST, SOC, GDPR, and other regional data protection laws.
  • Support internal audits, external audits, and regulatory examinations related to third-party risk.
  • Drive closure of audit issues and regulatory action items.

Required Skills & Expertise

  • Deep expertise in Third Party Risk Management, vendor risk assessments, and cyber risk governance.
  • Strong understanding of information security, cyber risk, privacy, and technology risk domains.
  • Experience working in or with Big 4 consulting firms is mandatory.
  • Exposure to Global Captive Centers / Global In-House Centers and complex global delivery models.
  • Proven ability to manage senior stakeholders and influence decision-making at leadership levels.
  • Strong program governance, reporting, and executive communication skills.

Certifications (Mandatory / Strongly Preferred)

One or more of the following:

  • CISM
  • CISSP
  • CISA
  • CRISC
  • ISO 27001 Lead Implementer / Lead Auditor
  • Other relevant cyber / information security certifications

Education

  • Bachelor's degree in Engineering, Technology, or a related discipline
  • Master's degree or MBA is an added advantage
