Job Description

Job Title

Senior Manager – Third Party Risk Management (TPRM) & Application Security

Location

Mumbai / Gurgaon / Bangalore

Experience

6+ years (Early joiners preferred)

Role Overview

We are seeking a highly experienced Senior Manager – TPRM & Application Security to lead enterprise-wide third-party risk, application security risk, and GRC initiatives. The role requires deep expertise across vendor risk, cybersecurity, application security, ISO 27001, and GRC frameworks, along with strong stakeholder and leadership capabilities.

The position will own risk governance for third-party applications, SaaS platforms, and internally developed applications, ensuring security, compliance, and regulatory alignment.

Key Responsibilities

Third Party Risk Management (TPRM)

  • Lead the end-to-end TPRM lifecycle including onboarding, inherent risk assessment, due diligence, continuous monitoring, and vendor exit.
  • Perform and review vendor risk assessments covering IT, cybersecurity, data privacy, application security, and operational risks.
  • Oversee remediation plans, risk acceptances, and executive-level risk escalations.

Application Security

  • Drive application security risk assessments for third-party and internally developed applications.
  • Review and govern secure SDLC controls, including security requirements, design reviews, and risk sign-offs.
  • Oversee results of VAPT, SAST, DAST, and API security assessments, ensuring timely remediation and closure.
  • Assess risks related to cloud, web, mobile, and SaaS applications used by third parties.
  • Collaborate with development, DevOps, and security teams on application risk mitigation strategies.

GRC & Enterprise Risk

  • Design, enhance, and operationalize GRC and risk governance frameworks aligned with enterprise risk appetite.
  • Integrate TPRM and application security risk into enterprise risk management and reporting.
  • Develop risk dashboards, KRIs, and executive reports for leadership and risk committees.

Cyber & Information Security Risk

  • Evaluate third-party cybersecurity controls, including IAM, data protection, logging, incident response, and BCP/DR.
  • Ensure alignment with ISO 27001 / ISMS control requirements and regulatory expectations.
  • Drive risk-based decisions for vendor onboarding and application go-live approvals.

Compliance, Audit & Standards

  • Ensure compliance with ISO 27001, internal policies, and applicable regulatory requirements.
  • Support internal, external, and regulatory audits related to TPRM, application security, and cyber risk.
  • Track audit findings, corrective actions, and continuous improvement initiatives.

Leadership & Stakeholder Management

  • Act as a trusted advisor to CIO, CISO, Risk, Compliance, Legal, Procurement, and Business teams.
  • Lead and mentor TPRM and security risk teams.
  • Manage high-risk vendor and application escalations with senior stakeholders.

Required Skills & Experience

  • 6+ years of experience in TPRM, GRC, Application Security, Cyber Risk, or Information Security.
  • Strong hands-on experience with vendor risk assessments, application security reviews, and cyber control evaluations.
  • Working knowledge of secure SDLC, OWASP Top 10, API security risks, and cloud application security.
  • Practical exposure to ISO 27001 / ISMS, risk management frameworks, and audit processes.
  • Experience with regulated industries (BFSI, FinTech, Telecom, Healthcare, GCCs) preferred.

Certifications (Mandatory / Highly Preferred)

One or more of the following:

  • CISA
  • CISM
  • CISSP
  • CRISC
  • ISO 27001 Lead Implementer / Lead Auditor
  • CEH / GWAPT / CSSLP or other Application Security certifications

Additional Preferences

  • Early joiners will be prioritized
  • Experience working with large vendor ecosystems, SaaS providers, and cloud environments is a strong plus
