Job Description
Job Description
Job Title: TPRM Manager – Cybersecurity & Technology Risk
Location: Ahmedabad, India
Experience: 7+ Years
Department: Technology Risk, Cybersecurity & TPRM Consulting
Reporting To: Regional Partner / Director – Technology Risk & Cybersecurity
Notice Period: Early joiners preferred
Role Overview
We are seeking a highly capable and self-driven TPRM Manager to establish and scale the Third Party Risk Management practice in Ahmedabad. This is a leadership role in a growing geography, requiring independent ownership of client engagements, end-to-end vendor risk assessments, stakeholder management, and contribution to regional practice and revenue growth.
The ideal candidate will have strong expertise in TPRM, IT Risk Management, and Information Security, with hands-on experience in vendor assessments, control evaluations, and regulatory compliance across BFSI and regulated industries.
Key Responsibilities
1. Client & Engagement Management
- Independently lead TPRM engagements for clients across BFSI, Telecom, Manufacturing, Healthcare, and GCCs.
- Act as the single point of contact for TPRM engagements in the Ahmedabad region.
- Build trusted relationships with CXOs, CISOs, Procurement Heads, Compliance, and Internal Audit leaders.
- Plan, scope, and execute third-party risk assessments aligned with industry standards and regulatory expectations.
- Review assessment reports, risk ratings, and remediation plans to ensure quality, consistency, and timely delivery.
2. TPRM & Risk Assessment Delivery
- Conduct end-to-end vendor risk assessments, including inherent risk scoring and residual risk evaluation.
- Assess third-party controls across:
- Information Security & Cybersecurity
- IT General Controls (ITGC)
- Data Privacy & Regulatory Compliance
- Business Continuity & Disaster Recovery (BCP/DR)
- Cloud and Outsourced Service Providers
- Perform SOC 1 / SOC 2 report reviews, control gap analysis, and risk acceptance recommendations.
- Evaluate compliance with frameworks and regulations such as ISO 27001, NIST CSF, CIS Controls, RBI, SEBI, GDPR, and local data protection requirements.
- Coordinate with specialist teams for VAPT, cloud security, and privacy assessments where required.
3. Stakeholder & Team Leadership
- Collaborate with internal stakeholders including partners, service line leaders, legal, compliance, and delivery teams across regions.
- Provide technical guidance, mentoring, and quality reviews for junior consultants and analysts.
- Represent the Ahmedabad location in regional TPRM capability-building initiatives and leadership forums.
4. Business Development & Market Growth
- Identify and develop opportunities in TPRM, vendor risk, and digital trust services.
- Support proposal development, RFP responses, and client presentations.
- Participate in industry forums, client workshops, and thought leadership initiatives focused on third-party risk.
- Contribute to regional revenue targets and help build a local TPRM client portfolio.
Qualifications & Experience
- Education: B.E./B.Tech in Computer Science, IT, or related discipline (MBA preferred).
- Experience:
- 7+ years of experience in TPRM, IT Risk, Cybersecurity, or Technology Risk Consulting.
- Hands-on experience in vendor risk assessments, SOC report reviews, and regulatory compliance.
- Proven ability to manage end-to-end client engagements independently.
- Exposure to business development and client acquisition is a strong advantage.
Certifications (Preferred)
- CISA
- CISM
- ISO 27001 Lead Auditor
- CRISC
- Third Party Risk / Vendor Risk certifications
- Data Privacy certifications (preferred)
Core Skills & Competencies
- Strong understanding of TPRM lifecycle, inherent risk scoring, due diligence, and continuous monitoring.
- Working knowledge of ISO 27001, NIST CSF, CIS Controls, COBIT, RBI & SEBI guidelines, and global regulatory expectations.
- Ability to translate vendor control gaps into business and regulatory risk.
- Excellent communication, presentation, and stakeholder management skills.
