TPRM Senior Manager - Cyber (Japan)

Job TitleSenior Manager – Third Party Risk Management (TPRM) & Application SecurityLocationMumbai / Bangalore - JapanExperience6+ years (Early joiners preferred)Role OverviewWe are seeking a highly experienced Senior Manager – TPRM & Application Security to lead enterprise-wide third-party risk, application security risk, and GRC initiatives. The role requires deep expertise across vendor risk, cybersecurity, application security, ISO 27001, and GRC frameworks, along with strong stakeholder and leadership capabilities.The position will own risk governance for third-party applications, SaaS platforms, and internally developed applications, ensuring security, compliance, and regulatory alignment.Key ResponsibilitiesThird Party Risk Management (TPRM)- Lead the end-to-end TPRM lifecycle including onboarding, inherent risk assessment, due diligence, continuous monitoring, and vendor exit. - Perform and review vendor risk assessments covering IT, cybersecurity, data privacy, application security, and operational risks. - Oversee remediation plans, risk acceptances, and executive-level risk escalations.Application Security- Drive application security risk assessments for third-party and internally developed applications. - Review and govern secure SDLC controls, including security requirements, design reviews, and risk sign-offs. - Oversee results of VAPT, SAST, DAST, and API security assessments, ensuring timely remediation and closure. - Assess risks related to cloud, web, mobile, and SaaS applications used by third parties. - Collaborate with development, DevOps, and security teams on application risk mitigation strategies.GRC & Enterprise Risk- Design, enhance, and operationalize GRC and risk governance frameworks aligned with enterprise risk appetite. - Integrate TPRM and application security risk into enterprise risk management and reporting. - Develop risk dashboards, KRIs, and executive reports for leadership and risk committees.Cyber & Information Security Risk- Evaluate third-party cybersecurity controls, including IAM, data protection, logging, incident response, and BCP/DR. - Ensure alignment with ISO 27001 / ISMS control requirements and regulatory expectations. - Drive risk-based decisions for vendor onboarding and application go-live approvals.Compliance, Audit & Standards- Ensure compliance with ISO 27001, internal policies, and applicable regulatory requirements. - Support internal, external, and regulatory audits related to TPRM, application security, and cyber risk. - Track audit findings, corrective actions, and continuous improvement initiatives.Leadership & Stakeholder Management- Act as a trusted advisor to CIO, CISO, Risk, Compliance, Legal, Procurement, and Business teams. - Lead and mentor TPRM and security risk teams. - Manage high-risk vendor and application escalations with senior stakeholders.Required Skills & Experience- 6+ years of experience in TPRM, GRC, Application Security, Cyber Risk, or Information Security. - Strong hands-on experience with vendor risk assessments, application security reviews, and cyber control evaluations. - Working knowledge of secure SDLC, OWASP Top 10, API security risks, and cloud application security. - Practical exposure to ISO 27001 / ISMS, risk management frameworks, and audit processes. - Experience with regulated industries (BFSI, FinTech, Telecom, Healthcare, GCCs) preferred.Certifications (Mandatory / Highly Preferred)One or more of the following:- CISA - CISM - CISSP - CRISC - ISO 27001 Lead Implementer / Lead Auditor - CEH / GWAPT / CSSLP or other Application Security certificationsAdditional Preferences- Early joiners will be prioritized - Experience working with large vendor ecosystems, SaaS providers, and cloud environments is a strong plus

Apply Now