Job Title


Associate Director – Third Party Risk Management (TPRM)


Company : Cubical Operations - We Hire


Location : Mumbai, Maharashtra


Created : 2025-12-22


Job Type : Full Time


Job Description

Job Title : Associate Director – Third Party Risk Management (TPRM)

Location : Mumbai

Experience : 10+ years of relevant experience

Preferred Background

- Big 4 / Leading consulting firms
- Global Captive Center (GCC) / Global In-House Center (GIC) experience – strongly preferred (project or program-based exposure acceptable)

Role Overview

The Associate Director – TPRM will lead and scale enterprise-wide third party risk management programs, with a strong focus on cyber risk, information security, and regulatory compliance. The role requires strategic leadership, stakeholder management at senior levels, and hands-on oversight of complex vendor risk engagements across global environments.

Key Responsibilities

TPRM Strategy & Governance

- Lead the design, enhancement, and execution of Third Party Risk Management frameworks aligned with global standards and regulatory expectations.
- Establish and govern end-to-end TPRM lifecycle including onboarding, due diligence, risk tiering, ongoing monitoring, and offboarding.
- Define risk appetite, assessment methodologies, and escalation models for third-party and fourth-party risks.

Cyber & Information Security Risk

- Oversee cyber and information security risk assessments for critical and high-risk vendors.
- Review and challenge vendor controls across domains such as IAM, network security, data protection, cloud security, incident response, and BCP/DR.
- Drive remediation plans and risk acceptance discussions with business and risk committees.

Stakeholder & Leadership Management

- Act as a trusted advisor to senior leadership, risk committees, CISO office, procurement, legal, and compliance teams.
- Lead client-facing and internal governance forums including risk review boards and executive steering committees.
- Provide strategic guidance on regulatory findings, audit observations, and risk issues related to third parties.

Program & Project Management

- Lead large-scale TPRM transformation or enhancement initiatives, including GCC/GIC setup or maturity improvement programs.
- Manage multi-location teams and offshore/onshore delivery models.
- Ensure consistency, quality, and timeliness of risk assessments and reporting.

Regulatory, Audit & Compliance

- Ensure alignment with global regulations and frameworks such as RBI, SEBI, ISO 27001, NIST, SOC, GDPR, and other regional data protection laws.
- Support internal audits, external audits, and regulatory examinations related to third-party risk.
- Drive closure of audit issues and regulatory action items.

Required Skills & Expertise

- Deep expertise in Third Party Risk Management, vendor risk assessments, and cyber risk governance.
- Strong understanding of information security, cyber risk, privacy, and technology risk domains.
- Experience working in or with Big 4 consulting firms is mandatory.
- Exposure to Global Captive Centers / Global In-House Centers and complex global delivery models.
- Proven ability to manage senior stakeholders and influence decision-making at leadership levels.
- Strong program governance, reporting, and executive communication skills.

Certifications (Mandatory / Strongly Preferred)

One or more of the following:

- CISM
- CISSP
- CISA
- CRISC
- ISO 27001 Lead Implementer / Lead Auditor
- Other relevant cyber / information security certifications

Education

- Bachelor’s degree in Engineering, Technology, or a related discipline
- Master’s degree or MBA is an added advantage