Job Description

Job Title: Sr. Manager- Third-party Risk

Experience: 15-20 Years

Location: Bangalore

Work Mode: WFO

Notice Period: Immediate joiner - 15 days

Primanry Skills: TPRM, Supply Chain Risk Assessments, Risk Assessment, ISO 27001, NIST CSF

Education Qualification: Any Computer/ Any Engineering

Roles and Responsibilities:

Design and enhance the third-party risk management framework and establish risk appetite guidelines.


Conduct and oversee third-party risk assessments, business impact analyses, and security control evaluations within OneTrust.

Develop and maintain a third-party risk register, ensuring accurate tracking and remediation of risks.

Lead remediation efforts for supply chain security gaps and facilitate creation of CUECs (Complementary User Entity Controls).

Review supplier MSAs/security terms and collaborate with Legal to address risk concerns.

Ensure compliance with firm security policies and evolving regulatory requirements.

Establish and manage risk reporting and escalation processes.

Stay current with emerging threats, industry frameworks, and relevant legislation.

Act as liaison between internal stakeholders and external vendors on critical security issues.

Create and present risk dashboards, reports, and executive summaries for leadership.

Contribute to development of scalable risk management models and automation tools.
Drive stakeholder engagement, incorporate feedback, and promote risk program adoption across the enterprise.

Qualifications &

Required Experience:

Extensive experience in third-party risk management, security assessments, audits, and control implementations.


Strong working knowledge of industry frameworks and standards: NIST, ISO, COSO, HiTrust, FAIR.

Familiarity with regulatory requirements: PCI-DSS, GDPR, HIPAA, CCPA, etc.

Hands-on experience with GRC tools: OneTrust, Security Scorecard, BitSight, or similar.

Proven ability to assess control weaknesses and develop actionable remediation plans.

Expertise in security control design, implementation, and monitoring.
Strong analytical, communication, and stakeholder management skills.

Preferred Experience:

Experience with global or enterprise-level risk programs in complex matrixed organizations.


Background across multiple information security domains.
* Experience presenting to senior leadership and creating executive-level documentation.