Job Description

Job Title

Associate Director / Director – Third Party Risk Management (TPRM)

Location

Mumbai

Experience

10+ Years (Relevant TPRM / GRC Experience)

Role Overview

We are seeking a seasoned Associate Director – TPRM to lead and scale third-party risk management engagements for large enterprise and Global Capability Center (GCC) clients. The role requires strong leadership, deep risk and compliance expertise, and proven experience managing complex, multi-stakeholder programs. Candidates from Big4 or leading consulting firms will be preferred.

Key Responsibilities

TPRM & Risk Leadership

  • Lead end-to-end Third-Party Risk Management programs across onboarding, due diligence, continuous monitoring, and offboarding.
  • Design and implement TPRM frameworks aligned with global standards and regulatory expectations.
  • Oversee vendor risk assessments covering information security, cyber risk, data privacy, operational resilience, and regulatory compliance.

GCC & Global Engagements

  • Manage and deliver large-scale GCC projects, supporting global clients across regions (US, EMEA, APAC).
  • Act as the primary point of contact for global stakeholders, risk committees, and senior leadership.
  • Ensure alignment of India-based delivery with global governance, policies, and reporting standards.

Governance, Compliance & Assurance

  • Drive risk assessments aligned with ISO 27001, ISMS, SOC, data privacy regulations, and enterprise risk frameworks.
  • Review and challenge third-party controls, remediation plans, and risk acceptances.
  • Support internal and external audits related to vendor risk and regulatory reviews.

Stakeholder & Team Management

  • Build and manage high-performing TPRM teams, including managers and consultants.
  • Mentor team members and ensure quality, consistency, and timeliness of deliverables.
  • Engage with CXOs, CISOs, CROs, procurement heads, and compliance teams.

Strategy & Practice Development

  • Contribute to TPRM practice growth, solution development, and proposal responses.
  • Support pre-sales discussions, client presentations, and account expansion initiatives.
  • Stay current with emerging regulatory, cyber, and third-party risk trends.

Required Skills & Experience

  • 10+ years of experience in TPRM, GRC, Cyber Risk, or Technology Risk roles.
  • Strong hands-on experience delivering GCC and global client engagements.
  • Prior experience with Big4 or top-tier consulting firms (preferred).
  • Deep understanding of vendor risk domains: information security, cyber, data privacy, business continuity, and regulatory risk.
  • Proven experience leading large teams and complex programs.
  • Excellent stakeholder management, communication, and executive presentation skills.

Certifications (Preferred)

  • CISA, CISM, CISSP
  • ISO 27001 Lead Auditor / Lead Implementer
  • CRISC or equivalent risk certifications

Education

  • Bachelor’s degree in Engineering, Technology, or related field
  • MBA or relevant postgraduate qualification is a plus
