GRC SM / AD - Cyber

Job Title GRC / Third Party Risk Management (TPRM) – SM / AD Location Gurgaon / Noida Experience 8+ years (Relevant experience in TPRM, ISMS, and Information Security) Notice Period Immediate joiners preferred Role Overview The TPRM Manager / Senior Manager will be responsible for leading and overseeing third-party risk assessments across information security, cybersecurity, privacy, and operational risk domains. The role requires strong expertise in ISMS, ISO 27001, and vendor risk governance, with the ability to engage senior stakeholders and drive risk mitigation initiatives across the organization. Key Responsibilities Third Party Risk Management Lead end-to-end Third Party Risk Management (TPRM) lifecycle including onboarding, periodic reviews, and offboarding assessments. Conduct vendor risk assessments covering information security, cyber risk, privacy, business continuity, and regulatory compliance. Review and evaluate third-party security controls, policies, and risk evidence. Identify, assess, and track third-party risks and remediation plans. Support risk-based decision-making for vendor onboarding and renewals. ISMS & ISO 27001 Drive implementation, monitoring, and continuous improvement of ISMS aligned with ISO 27001 standards. Perform ISO 27001 risk assessments, gap assessments, and internal audits. Support certification, surveillance audits, and management reviews. Align third-party controls with organizational ISMS requirements. Governance, Risk & Compliance Develop and maintain TPRM policies, procedures, frameworks, and risk methodologies. Ensure compliance with applicable regulatory and industry standards (e.g., RBI, SEBI, GDPR, SOC, NIST, ISO). Provide risk reporting and dashboards to senior management and stakeholders. Support regulatory audits and external assessments related to vendor risk. Stakeholder & Team Management Act as a key point of contact for business, procurement, legal, IT, and security teams. Review and approve risk assessment outputs prepared by junior team members. Mentor and guide team members to ensure quality and consistency of assessments. Engage with vendors to resolve security gaps and drive timely remediation. Required Skills & Experience 6+ years of experience in Third Party Risk Management, Information Security, or GRC roles. Strong hands-on experience in TPRM frameworks, vendor risk assessments, and risk reporting. In-depth knowledge of ISMS and ISO 27001 implementation and audits. Experience with security questionnaires, evidence review, and control validation. Familiarity with regulatory and industry standards such as NIST, SOC 2, GDPR, RBI/SEBI guidelines. Strong communication skills with the ability to interact with senior stakeholders and vendors. Certifications (Highly Preferred / Plus) ISO 27001 Lead Implementer / Lead Auditor CISA, CISM, CRISC CISSP Any relevant risk or information security certification Education Bachelor’s degree in Engineering, Information Security, Computer Science, or related field. Master’s degree or MBA is an added advantage.