5.0 - 10.0 years
7 - 16 Lacs
Bengaluru
Work from Office
Role & responsibilities

Required Qualifications:
• Bachelor's/Master's degree in Information Security, Business Administration, or related field.
• 7+ years of experience in Third-Party Risk Management, with at least 2–3 years in a functional implementation role.
• Proven experience implementing TPRM solutions using ServiceNow (or similar GRC platforms like OneTrust, ProcessUnity, Archer).
• Strong knowledge of third-party risk lifecycle stages and regulatory frameworks relevant to TPRM.
• Experience creating and configuring risk assessments, scoring models, workflows, and reporting tools.
• Ability to communicate effectively with both technical and non-technical stakeholders.
• Excellent analytical, documentation, and stakeholder management skills.

Preferred Qualifications:
• Experience in delivering or supporting TPRM managed services or SaaS TPRM solutions.
• Familiarity with continuous third-party risk monitoring concepts and integrations with external threat intelligence platforms.
• Exposure to industry-specific TPRM frameworks (e.g., financial services, healthcare, etc.).
Posted 4 hours ago
5.0 - 7.0 years
7 - 9 Lacs
Mumbai
Work from Office
Position Purpose: The candidate for the Third Party Risk Management role within the BNP Paribas Operational risk team is responsible for providing independent oversight and strategic 2LOD guidance on the Third Party Risk Management domains across both direct and indirect areas of responsibility for the CIB APAC operating entities. Responsibilities: Direct Responsibilities: Be responsible for supporting the development and implementation of a CIB wide Third Party risk management program including ICT and non-ICT third parties. Successful candidate will have exposure to developing and implementing risk management programs in global organizations, with robust knowledge of technology, risks, architectures and related tools. Prior third party risk experience (IT, Cyber, Vendor management etc.) and exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred. Effectively challenge all aspects of the Risk and Control Self-Assessment (RCSA) of the business units under our remit, provide recommendations and follow up on their implementation. Analyze risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of risk, concentration, trends and patterns and use it to assess the current control environment and recommend improvements where applicable. Perform check and challenge of 1LOD mitigation plans, risk acceptances, permanent control action and audit recommendations, produce and communicate risk opinions and maintain working papers to substantiate and ensure objective basis for the risk opinions. Collaborate with other 2LOD functions and teams across the Americas and Group on common priorities/projects. Contribute to the successful execution of independent testing missions that are designed to evaluate TPRM risk identification and effective and sustainable mitigation.
Perform independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. The individual will lead this effort from an independent risk assessment of these projects and will support vendor assessment and reporting the findings. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus. Implement the wider Enterprise Risk Management framework (HI, PI, RCSA, Recommendations and action plan follow-up) on the third party risks area. Contributing Responsibilities: Technical & Behavioral Competencies: Essential: 5+ experience specifically in third party assessments. Bachelor's degree in Business or Risk Management (or equivalent professional qualification). Team player focused on the success of the whole team. Working well both with others, as well as individually. Excellent stakeholder management skills. Experience in a Vendor risk management, Outsourcing risk management, Technology Risk, Information Security or an IT Audit role. Good listening and analytical skills, being able to come to a thoughtful and business focused conclusion quickly. Ability to co-operate and work well with others, adopting an approachable style; important as we work closely with a large and diverse set of suppliers and customers. Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Taking accountability for their actions and being open and honest when things have gone wrong, and celebrating successes when things have gone well.
Being rigorous and thorough especially when logging and tracking issues through to conclusion. Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management. Demonstrating a high level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Competencies: Good knowledge of Information Security, Business Continuity, and IT Audit methodology and concepts. Understanding of the banking industry's regulatory requirements for managing third parties. Ability to articulate risk management concepts in business language. Excellent written and verbal communication skills. Proficient with Microsoft Office Suite. Prior experience documenting tool requirements to support risk management. Proven ability to manage issues through to resolution; skilled at making judgment calls. Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Knowledge of English is required. Knowledge of data analysis and visualization tools such as Tableau, Power BI, VBA is a plus. Conduct: Be a role model, supporting and fostering a culture of good conduct. Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks. Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
Posted 3 days ago
9.0 - 14.0 years
14 - 20 Lacs
Kolkata, Hyderabad, Bengaluru
Work from Office
Role & responsibilities Professional responsibilities for this manager position include but are not limited to: Applying internal control principles and technical knowledge, including Application Controls and IT General Controls; Developing and/or supervising the execution of detailed audit work plans for the IT audit component of the IA team through resource allocation, stakeholder coordination and quality review; Managing the identification of key risks and controls, including evaluation of control design; Evaluation of operational effectiveness of IT System Controls, utilizing appropriate testing techniques and professional skepticism; Providing regular status reports to IA management and internal clients/stakeholders, when necessary, to keep relevant parties informed of progress and potential issues; Assessing audit results, translating findings into level of risk, to produce meaningful insights and recommendations; Communicating risk findings, verbally and written, to clients in a pragmatic and helpful manner; Driving follow up and remediation of reported issues in a timely manner; Building meaningful relationships with clients through client engagements and networking; Managing and delivering against deadlines while working on multiple projects; Participating in development and delivery of training curriculum; and Coaching team members and reviewing their work. 
Minimum years of experience: 5+ year(s) of external/internal audit experience (Big Four experience is preferred). Minimum Degree Required: Bachelor's or master's degree in Accounting, Management Information Systems, Computer Science, Engineering or business related field. Preferred Certifications: CISA, CISM, CISSP, CA and/or CIA. Preferred Knowledge/skills: Demonstrates extensive knowledge and/or proven record of success in the following areas: Security and controls for various on-premise and cloud-based technologies; Control standards (COSO, COBIT), control testing strategies; Public accounting practices and internal audit processes i.e., technology and tools for planning, testing and reporting; IT general controls concepts in the areas of system development, change management, computer operations and access to programs; Identifying and assessing business process controls and linkage to IT systems; and, IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, investigations and ethics. Additionally, candidates should have excellent communication (written and verbal) skills and should be able to work with global teams independently with minimal supervision. Flexible work hours are required to align with US and UK hours as agreed upon. Shift: 2pm-11pm
Posted 4 days ago
2.0 - 4.0 years
4 - 6 Lacs
Pune
Work from Office
This role will be part of the TPRM process, which would be part of Billing and Invoicing. The expectation from this role is to have an end-to-end understanding of TPRM. The role includes a considerable share of project work with interfaces to all involved departments. What we'll offer you: As part of our flexible scheme, here are just some of the benefits that you'll enjoy. Your key responsibilities: Implement and perform daily BAU of Third-Party Risk Management (TPRM) Gateway Control and Oversight processes. Support Global Invoice Verification process centralization in cooperation with GF&B and SAP transformation project. Check TPRM documentation. Ensure correctness of invoice details and ensure compliance with legal requirements and contractual setup. Centrally oversee all fee transactions, ensure all bookings are accurate and processed in time. Analyze and resolve Cash-Breaks, perform reconciliation and past due review/follow-up. Provide data to finance and reporting department. Cooperation with internal and external stakeholders (Procurement, Contract Management, Finance Department, Custodians, CRM and Audit). Constructively review new contract setups under consideration of their operational practicability. Continuously challenge the operational status quo and support BAs and running project initiatives in cooperation with the SMEs. Ensure process documentation, standardization and optimization. Consider strategic goals respecting internal and external legal requirements such as Key Operating Documents (KOD), Service Level Agreements (SLAs), Key Performance Indicators (KPIs), Key Risk Indicators (KRIs). Ensure high quality oversight and reporting. Participation in projects. Your skills and experience: Successfully completed business studies or comparable qualification. Accounting skills, preferably in fund or financial accounting. Experience in operations within asset management an advantage. Product and system knowledge (Simcorp Dimension/Aladdin/SAP) an advantage. Solid knowledge of MS Office applications (especially Excel). A strong willingness to learn and openness to explore new avenues. Strong solution- and service-oriented communication skills, excellent written and spoken German and English. Experience in dealing with internal and external customers and service providers. Supportive team player. Openness and ability to share information within the team and to convey specialist knowledge and expertise. Initiative and a responsible willingness to improve the status quo and achieve measurable results. Experience in operations within asset management and project an advantage. Candidate should be B2 certified in German Language.
Posted 6 days ago
3.0 - 8.0 years
3 - 8 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
About the Role: We are seeking a highly experienced and strategic Security Architect with a strong focus on Governance, Risk, and Compliance (GRC) and Third-Party Risk Management (TPRM). This role is critical in enhancing our security posture, particularly within cloud and SaaS environments, and ensuring robust vendor and supplier security. The ideal candidate will possess deep security architecture expertise, strong analytical capabilities, and a proven ability to influence stakeholders across all levels of the organization, especially within the banking/finance sector. Key Responsibilities: Security Architecture & Strategy: Influence domain architecture and collaborate with business/technology owners to ensure alignment with stringent security requirements. Manage significant security decisions with senior management, Technology, and Business owners to ensure secure outcomes and adherence to appropriate governance practices. Proactively manage identified risks within the solutions risk posture, ensuring compliance within agreed Risk Appetite. GRC & TPRM Framework Enhancement: Collaborate with cross-functional teams to define and refine security-related processes, providing critical inputs to deliver enhanced vendor management, SaaS assurance, and monitoring frameworks. Actively participate in workgroups to identify areas for improvement and drive process efficiencies within GRC and TPRM. Assess and document existing SaaS applications in line with the enhanced vendor management framework, identifying control gaps, security risks, and proposing effective mitigation controls. Assess the root cause of control gaps and provide practical, achievable recommendations for risk mitigation. Stakeholder Engagement & Communication: Prepare clear and concise executive summaries to keep stakeholders informed of progress and seek guidance where applicable. Train other team members on the new frameworks and associated processes. 
Demonstrate strong business engagement and influencing skills, capable of navigating complex topics with fact-based analysis. Understand the trade-offs involved in balancing security requirements with business change, while simultaneously delivering technical capability and business benefit. Required Skills & Experience: Total Years of Experience: 10+ years in the Technology industry. Relevant Years of Experience: 3+ years of dedicated Security Architecture experience. 1+ years focusing on Cloud/SaaS Security. Mandatory Skills: Cloud/SaaS Security expertise. Strong background in GRC (Governance, Risk, and Compliance) with a focus on TPRM (Third-Party Risk Management). Core Technical & Domain Knowledge: Strong understanding of security principles, including threat modeling, controls, and risk assessment. Expertise in cloud security, particularly SaaS applications and third-party solutions. Experience with security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and other industry best practices. Banking/Finance experience is highly preferred. 3rd party risk/supplier security management is highly desirable. Soft Skills & Leadership Capabilities: Proven ability to collaborate effectively with diverse teams, including development, operations, and compliance. Excellent communication and presentation skills to effectively convey complex technical information to both technical and non-technical audiences. Demonstrated Decision Quality, Strategic Mindset, Situational Adaptability, Self-awareness, Courage, and Ensures Accountability. Desired/Secondary Skills: Experience interacting with Group Security Executives and Leadership Teams. Familiarity with Strategic Sourcing and Third-Party Risks teams. Engagement with Governance, Risk, and Compliance Technology delivery teams/executives. Collaboration with Architecture Strategy Advisory and Business domain Executives/Product Owners. 
Domain: Security Additional Information: Max Vendor Rate: INR 8,000 per day (excluding service tax). Background Check: Before onboarding. Shift Work: No standard daylight shifts. Working Model: Hybrid Assignment Duration: 12 Months Number of Openings: 1
Posted 1 week ago
3.0 - 8.0 years
12 - 22 Lacs
Navi Mumbai, Maharashtra, India
On-site
Job description: KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Role detail: 4 to 8 years of experience in assurance, information security, vendor/supplier/third party risk assessment. Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing. Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/technology regulations. Experience in assessing emerging technologies such as robotics, IoT, DLT, Social, Mobile etc. Exposure to TPRM specific regulations (FED, MAS, OCC, etc.). Exposure in assessing different third parties e.g. Brokers, Exchanges, etc. Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc. Strong auditing skills are desired; experience in IT Compliance, ITGC testing, and Assurance is a plus. Strong problem solving and logical approach skills. Excellent written and verbal communication skills. Consistent display of technical proficiency. Ability to work well in teams. Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example. CISA/CISSP/CISM/ISO27001 LA/LI/Cloud security certificates.
Posted 1 week ago
10.0 - 15.0 years
0 - 3 Lacs
Chennai
Work from Office
Proficient in risk assessment and analysis methodologies. Risk management software and tools proficiency. Knowledge of regulatory (GDPR, PCI-DSS, Anti-Money Laundering (AML)) requirements and compliance standards. Understanding of insurance principles and coverage. Industry-specific certifications (CRISC, CISM, ISO 27001:LA). Project management expertise. A thorough understanding of: ISO 27001 (Information Security Management), NIST Cybersecurity Framework, SOC 1 and SOC 2 Standards.
Posted 1 week ago
8.0 - 12.0 years
8 - 12 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Job description: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 8+ years.
Location: Hyderabad / Bengaluru Required skills: 6 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA
Posted 1 week ago
5.0 - 8.0 years
5 - 8 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Job description: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 5+ years.
Location: Hyderabad / Bengaluru Required skills: 4 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA
Posted 1 week ago
3.0 - 4.0 years
3 - 4 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Job description The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting : Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication : Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 3+ years. 
Location: Hyderabad / Bengaluru Required skills: 3 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA
Posted 1 week ago
8.0 - 13.0 years
8 - 13 Lacs
Hyderabad / Secunderabad, Telangana, India
On-site
Role: Senior Associate Third Party Risk Management (TPRM) About the Company: Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future - you'll create it. About the Job: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management.
Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 3+ years. Location: Hyderabad / Bengaluru Required skills: 3 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA Additional information (if any): Need to be flexible to provide coverage in US morning hours. Location: IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg
Posted 1 week ago
3.0 - 8.0 years
3 - 8 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Role: Senior Associate Third Party Risk Management (TPRM) About the Company: Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future, you'll create it. About the Job: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. 
Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 3+ years. Location: Hyderabad / Bengaluru Required skills: 3 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA Additional information (if any): Need to be flexible to provide coverage in US morning hours. Location: IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg
Posted 1 week ago
10.0 - 12.0 years
13 - 18 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Functional Responsibilities: Collaborate with business stakeholders to gather and document detailed requirements across risk domains (ABAC, Cybersecurity, Privacy, R&D, EHS, etc.) Translate business needs into functional specifications and user stories Design and validate workflows for risk assessments, approvals, and escalations Support the configuration of front-end questionnaires and logic-based risk triggers Assist in defining KPIs, reporting needs, and audit trail requirements Technical Responsibilities: Implement and configure the ServiceNow Risk Management module Lead or support API integrations with tools such as: OneTrust, Archer, CyberGRX, Security Scorecard Veeva Vault, Rapid Ratings, Ariba, Onit, SharePoint Ensure data mapping, transformation, and validation between systems Support testing (UAT, SIT) and defect resolution Ensure compliance with data privacy, security, and audit requirements
Posted 2 weeks ago
3.0 - 8.0 years
5 - 8 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
The GRC (Governance, Risk, and Compliance) Cyber Security Consultant is responsible for providing expert guidance and support in the areas of cyber security risk management, compliance, and governance. This role involves working closely with clients to assess their current cyber security posture, identify vulnerabilities and risks, and develop strategies to mitigate those risks. Responsibilities: 1. Assess clients' cyber security framework and identify gaps in compliance 2. Develop and implement comprehensive cyber security policies and procedures 3. Conduct risk assessments to identify potential threats and vulnerabilities 4. Create risk mitigation plans and provide recommendations for improvement 5. Assist clients in achieving compliance with relevant industry standards and regulations 6. Stay up-to-date with the latest cyber security threats, trends, and best practices 7. Provide training and awareness sessions to educate clients on cyber security measures 8. Collaborate with cross-functional teams to ensure alignment on cyber security initiatives 9. Prepare detailed reports on findings, recommendations, and progress updates for clients 10. Participate in client meetings to present findings and provide guidance on cyber security matters
Posted 2 weeks ago
5.0 - 10.0 years
7 - 12 Lacs
Pune
Work from Office
Conduct third party risk assessments in alignment with company security policies and industry standards Perform on site assessments of vendors to identify opportunities for improvement Provide input and aid in the development of policies focused on the security of third party business processes Foster relationships and influence the behavior of internal teams and external parties Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively Complete monitor and control tasks triggered by supplier Tier and Third Party Interaction Model Collaborate with the line of business stakeholders to deliver year over year cost savings with managed third party relationships Assist in development and execution of category/supplier strategies Partner with internal budget owners to deliver against operating or marketing budgets Partner with appropriate stakeholders on contract negotiations for all managed third party relationships Qualifications for third party risk management: Minimum 4 years of experience developing and maintaining global vendor risk management programs CISSP, CISM, CISA, or CRISC certification preferred Solid understanding of information technology and security solutions Responsible for proper invoice review, reconciliation, and payment Monitor and ensure successful delivery against third party contractual obligations
Posted 2 weeks ago
1.0 - 3.0 years
0 - 0 Lacs
Bengaluru
Work from Office
Designation: Information Security Consultant Job Code: JD2208396 Location: Bangalore Number of Vacancies: 1 Total Experience: minimum 1 year Shift: General Reports to: CTO Qualification: BE/B.tech/Bsc/BCA/M.Tech/ME Certification: ISO 27001:2013 Lead Implementer (preferable) Job Description: IT Security Consultant, with overall 3+ years of professional experience with areas of expertise in Governance Risk & Compliance (GRC), Third Party Risk Management (TPRM), Information Systems Audits including ISO 27001, Data privacy, GDPR, ITGC Assessments, Control testing, Information Security, ISO 27001 Implementation, SOX and SOC 2, IT Risk assessments on application and infrastructure. Information Technology and Information Security Governance and Risk Compliance Implementation across various industries including Banking, Retail, Insurance, Energy, and e-commerce. Expertise in Vendor Management, Issue Management, Compliance Management, Policy Management, Business Continuity and Disaster Recovery & Risk management modules/solutions. Detailed knowledge of international regulations and best practices covering ITIL, COBIT, ISO 27000, SOX, COSO, PCI, HIPAA and NIST 800. Have experience in core ISMS, services focused on SOX, ITGC, COBIT, COSO, ISO 27001, specialized in Governance & Compliance and Internal Audits. Good experience in client interaction with global leaders during requirement specifications and project implementation phases. Performed risk assessments based on industry standards, provided recommendations to management on results of analysis and work closely with other team members to refine and enhance security controls and reduce organizational risk. Managing GRC and Third-Party Risk Management related engagements. Conducting audit to check the security posture of critical vendors. Performing quality checks for third party risk assessment. Facilitating External and Internal audits for ISO 27001. Identifying and assessing areas of significant business risk. 
Plan and evaluate IT-related technical and organizational measures. Managing and reporting compliance breaches and exposures. Conducting Compliance audits by reviewing SOC2 Type II, Hi-Trust, ISO27001, PCI-DSS reports. Supporting various departments by collecting and coordinating internal compliance data with auditors and various departments. Ensuring complete, accurate, and timely audit information is reported to Management and/or Risk Committees. Qualification Bachelor's degree in computer science (B. Tech, BE, BCA, or MCA), ISO 27001:2013 LA Preferred, Experience in Audits and Assessments preferably covering ISO 27001, SOC 2 Type 2, GDPR, Client Audit and Privacy Regulations (GDPR) Experience in identifying and remediating threats & vulnerabilities. *** The candidate must have very good communication skills.
Posted 2 weeks ago
6.0 - 11.0 years
8 - 13 Lacs
Chennai
Work from Office
#Greetings from IDESABS!! Overall Budget Tracking and Reporting - Publish Budget report (Budget utilization tracking (month-on-month)) (Project budget accountability with Project Manager) - Expense tracking, Expense gaps management, Expense adjustments - Expense validation (planned vs. actual vs. adjusted) - Highlighting discrepancies / over-spends - Risk management (raise, maintain, monitor, and mitigate) for budget Vendor/Supplier Management - Support internal contract management (eg: TPRM) & Legal Clearance process (with PM) - Support for Vendor/Supplier Contracting and e-Memo process - Support for Vendor/Supplier Invoice management (leaves in timesheet, invoices). (PM to review the timesheet entries / activities) also, define and optimize the timesheet review process. Reporting a) WSR/Fortnight meeting with Management - Schedule meeting (and manage logistics) as per project governance plan - Schedule pre-consultations with stakeholders prior to meeting (as required) - Status report draft and publication [co-ordinate with respective PM/DM] - Draft, review and publish minutes of meeting post all status report meetings - Consolidate, assign, and track action item (until closure) with respective PIC b) SteerCo meeting [RSG Management and Project SteerCo] - Schedule meeting (and manage logistics) - Schedule pre-consultations with stakeholders prior to meeting (as required) - SteerCo deck draft and publication [co-ordinate with respective PM] - Draft, review and publish minutes of meeting post all SteerCo meetings - Consolidate, assign, and track action item (until closure) with respective PIC Project Management support and co-ordination a) Support to PMs - Maintain and track RAIDS register and report [co-ordinate with PMs] - Support for maintenance of stakeholder matrix for the project - Support for maintenance of communication plan - Support for new project initiation activities (project set-up, pre-consultation) - Support program manager for financial planning - 
Support on the Kessai process draft and submit application - Support PMs on Kessai drawdown process, review, and approval (Kessai Planning and approval managed by Prog. Mgr.) - Action tracking for the project and program activities (TO-DO tracker) b) Resource demand management and supply - Manage demand for APH program/project, forecasting and fulfilment - Create and maintenance of resource loading sheet (RLS) - Manage the resource requisition process (i.e. source, set-up interviews) - Management of resource leave management for project resources - Support on vendor resource onboarding process (laptop issuance, ID card, access & logistics)
Posted 2 weeks ago
4.0 - 6.0 years
15 - 20 Lacs
Mumbai, Mumbai Suburban
Work from Office
Dear Applicants, Greetings from Teamware Solutions! Position: Third Party Risk Management Experience: 4-6 Years Location: Mumbai (Apply if you are in western line) Notice Period: Immediate Joiners Interested candidates can apply to the given Email ID: greeshma.t@twsol.com Job Description:- Develop a strong understanding of outsourcing regulatory requirements as they relate to outsourcing and how the Firm must meet those requirements Shepherd Intake Forms through the multiple project phases and ensuring the agreed Service Level Agreements (SLAs) and go live deadlines are met Provide project management support for the entire lifecycle of an engagement, to ensure that all project related deliverables are met (i.e., completion of calls, governance and regulatory requirements, clearance and acknowledgments from control groups, including Compliance, Tax, Legal, BU, etc.), including project status reporting Provide support to ongoing project initiatives Must have skills Third Party Program Engaging and Manage Stakeholder and their Reg. related requirements Vendor Management, Project Management, Stakeholder Management, Supply Management Understanding and some experience of Third Party program Looking for professionalism and maturity. Domain – Investment Banking
Posted 2 weeks ago
5.0 - 10.0 years
14 - 24 Lacs
Gurugram, Chennai
Work from Office
Role & responsibilities Skillset : SDLC , TPRM Assessments & Cybersecurity (Major requirements or primary skillset) Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google). Job Description: Security, Risk and Technology Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls. Understanding and application of information security standards and best practices including NIST Cybersecurity Framework, ISO 27001-4, CoBIT, Cloud Security Alliance, etc. Ability to identify risks, quantify them, and help recommend and design mitigations. Broad knowledge of Unix, Linux, Windows and mainframe server environments. Knowledge of various database platforms. Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google Cloud or Oracle Cloud) Education / Experience: Security, compliance, audit or risk covering a wide area of technologies and security domains including those previously mentioned. Financial industry or highly regulated industry background (Insurance, Banking, etc.) Project work experience with a recognized security, audit, or risk consulting firm a plus CISSP, CISA, CISM or other security/control certifications a plus. 
Bachelor's degree or higher – preferably in Computer Science, Engineering, or a related scientific field Communication Excellent verbal and written communication skills Ability to develop and QA/oversee development of high quality project artifacts Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to business people, in technical terms to technical people) Able to develop and present dashboards Engagement Proven ability to engage with customers (IT and Business) and consultants in a highly professional and competent manner. Understanding and experience with project life cycles using proven methodologies – from analysis through implementation with hands-on deliverable development. Ability to work in a matrix reporting environment A practiced ability to influence peers, customers and project teams to make security minded decisions and changes Ability to scope projects, developing project charters, requirements, documenting issues and work plans, vendor selection, product/process design and implementation, change management/communication a plus.
Posted 2 weeks ago
5.0 - 10.0 years
7 - 12 Lacs
Bengaluru
Work from Office
The Senior Resilience Analyst Third-Party is a versatile and innovative risk professional who can support all aspects of Resilience, including Business Continuity, Disaster Recovery and Corporate Crisis Management. You will be responsible for supporting the implementation of a global, enterprise level and sustainable resilience framework in conjunction with a wide range of business stakeholders. About the Role: As the Senior Resilience Analyst, you will: Define the standard of adequate contingency plans for critical third parties Holistically pull together the internal and external plans in case of third-party disruption Work with critical TR stakeholders to inform them of the Resilience framework and its importance. Will play a critical role in the mapping of vendors against critical operations as part of the operational Resilience Program Work with Third-party risk management team to review and approve Business Continuity and Disaster Recovery clauses Deliver subject matter expertise on resilience control function responsibilities within the Third-party lifecycle activities. Have an in-depth knowledge of Business Impact Analyses and work with key stakeholders to get them completed. Deliver BIA training sessions for process and asset owners to better familiarize them of expectations and requirements. Support the implementation of common resiliency and recovery taxonomies and policies. Identify business processes and then work to ensure they are resilient. Meet KPIs for process identification and BIA completion. Leverage BIA output to design new recovery strategies and refresh existing strategies for maintenance and resumption of operations to meet business requirements. Document the strategic information captured through the BIA within standardized business recovery plan templates to support the execution of strategies and the continuation and recovery of business activities. 
Work with the other teams in Risk and Compliance to drive efficiencies and risk mitigation capabilities across the Risk and Compliance organization. Work together with Third-Party Risk to identify critical third-party vendors (leveraging BIA output) and begin to co-develop recovery strategies with vendors to support continuity of services. Support the enterprise-wide Crisis Management process and integrate escalation and response protocols into the Resiliency function. About you: A Bachelor's degree in a relevant subject (e.g., Business Administration/Management, Economics, Finance, Technology, Innovation) 5+ years in a similar role or any valid combination of education and experience Versatility to understand various and complex subjects to adequately build collaborative, productive and trust-based relationships within the business segments and functions Solid experience in creating, editing, and proofreading executive-level documentation and material Proven ability to take initiative and influence within a matrix organization to achieve results Knowledge of controls in business and technology environments (e.g., SOx) Expert knowledge of MS Office (Word, Excel, PowerPoint) Strong knowledge of GRC tools, specifically Fusion Excellent organizational skills and attention to detail, with the ability to autonomously set and meet deadlines Additional key differentiators would be: Hands-on experience in the design and scaling of a Resilience Framework and enhancing organisational maturity. In depth knowledge of ISO 22301. In depth knowledge of Fusion, including process automation. Technology fluency: Knowledge of PowerBI, Tableau and good understanding of technology concepts such as AI, ML, RPA, and data science.
Posted 3 weeks ago
2.0 - 5.0 years
4 - 7 Lacs
Mumbai
Work from Office
Understanding the requirement to conduct comprehensive information security risk assessment of 3rd party service provider (TPRM) who will provide new services/applications Plan and conduct periodic assessment of existing vendors as per organizations
Posted 3 weeks ago
2.0 - 7.0 years
4 - 6 Lacs
Hyderabad
Hybrid
Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.
Posted 3 weeks ago
1.0 - 6.0 years
5 - 15 Lacs
Hyderabad
Work from Office
Role & responsibilities About the job At Sanofi we chase the miracles of science to improve people's lives. We are dedicated to making a positive impact on the lives of the patients and families we serve, and we accomplish our goals through world-class research and with the compassion and commitment of our employees. As we continue to transform the practice of medicine, the next chapter of Sanofi's Play to Win strategy will require a focus on delivering transformation and simplification of our core processes, optimizing resource allocation and deployment to fuel business growth and investment in science. To facilitate this transformation, a new Business Operations Business Unit is being established, bringing together existing business service activities, and driving further expansion of centralized services at scale into a global unit, with a focus on driving simplification, efficiency, and productivity. This new Business Unit will enable the delivery of best-in-class business support capabilities across the organization, incorporating and engaging disparate teams from across areas such as R&D, M&S, the Corporate Functions and GBUs into new global Service Delivery Towers with initial services spanning Commercial, Finance, Procurement and People & Culture. Reporting to the Head of Procurement Risk Assurance, the Risk Assurance Analyst plays a critical role in assessing and managing risks. The incumbent supports the development and execution of strategies to ensure sustainable supplier relationships align with Sanofi's business objectives. Responsibilities: Risk Assessment: Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. Compliance: Collaborating with procurement teams to drive adherence and enhance controls across the E2E Procurement lifecycle. 
Ensure compliance with relevant industry standards and regulatory requirements. Reporting and Data Visualization: Generate regular reports and dashboards for TPRM process and Supplier risk factors, compliance metrics, and key performance indicators for stakeholders and leadership. (Power BI, COUPA Analytics preferred) Collaboration: Work closely with Procurement, GBUs and Risk Domain Experts to integrate risk management practices into the supplier relationship lifecycle. Continuous Improvement: Identify opportunities for enhancing risk management processes, implementing best practices to drive positive outcomes. Share resume to nedunuri.saikumar@manpower.co.in IT IS A CONTRACTUAL ROLE FOR 1 YEAR AND WILL BE RENEWED YEARLY
Posted 3 weeks ago
8.0 - 13.0 years
25 - 27 Lacs
Pune, Mumbai (All Areas)
Work from Office
Step into a leadership role as a Controls Assurance Manager, driving risk and compliance strategies across the business. You will conduct control testing, oversee issue assurance, and collaborate with senior stakeholders to enhance governance and security frameworks. Location: Mumbai/Pune Your Future Employer: Join a global leader in enterprise security and technology, providing robust governance, risk, and compliance (GRC) solutions. Be part of a dynamic team that ensures regulatory excellence and operational resilience. Responsibilities: Performing control testing across Third Party Risk Management, Operational Resilience, Data & Privacy. Overseeing and supporting the Technology controls testing team. Supporting Issue Assurance processes and validating closure packs. Assisting management in remediating control gaps and implementing improvements. Building strong relationships with key stakeholders and senior leadership. Enhancing IT risk efficiency through innovative approaches. Requirements: Graduate in any discipline. 8+ years of experience in Technology and/or Security Risk Management. Strong knowledge of risk management frameworks and three lines of defense practices. Experience in Financial Services, IT Risk, and Operational Resilience. Certifications like CGEIT/CRISC would be an advantage. What's in it for you: Opportunity to work with global stakeholders and industry leaders. A dynamic work environment with cutting-edge technology risk practices. Career growth in enterprise security and governance.
Posted 3 weeks ago
3.0 - 8.0 years
8 - 15 Lacs
Hyderabad
Hybrid
Job Description: Approve, within the given mandate, all tier 2-4 Vendor assessments. Advise Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings Exp: 3+ years Expertise with Vendor Risk Management, GRC, and ISO 27001. Shift timing: 1.00 PM-10 PM IST Hybrid mode of work Location: Hyderabad Notice Period: Immediate- 30 days only.
Posted 3 weeks ago