Third Party Risk Analyst (TPRM)
Soffit Infrastructure Services (P) Ltd.
Job Description
Job Title: GRC – Information Security Third‑Party Risk Assessment Specialist
Location: Gurugram/Mumbai
Experience: Up to 5 years (or as required)
Role Summary: The role involves managing Information Security Governance, Risk, and Compliance (GRC) with a strong focus on Third‑Party / Vendor Risk Assessments. The incumbent will ensure that vendors, service providers, and partners comply with applicable regulatory, industry, and organizational information security requirements.
Key Responsibilities:
Third‑Party Risk Management (TPRM)
- Conduct end‑to‑end information security risk assessments of third parties, vendors, partners, and service providers.
- Perform inherent risk profiling and residual risk evaluation during vendor onboarding, renewals, and periodic reassessments.
- Assist in updating the Master Vendor Inventory as per service details and classification.
- Review vendor‑provided information, security questionnaires, and supporting evidence.
- Assess inherent security risks based on:
  - Nature of services provided
  - Type and sensitivity of data accessed, processed, or stored
  - Degree of system and network access
  - Regulatory and compliance impact
- Assign inherent risk ratings (e.g., High / Medium / Low) to new vendors as per the organization’s security risk framework.
- Identify key risk drivers and control gaps at the inherent risk stage.
- Document assessment results and rationale in the designated risk assessment template or system.
- Perform detailed security risk assessments of third parties based on profiling criteria defined in the organization’s Security Risk Assessment Framework, including evaluation of service criticality, data sensitivity, access levels, regulatory impact, and inherent risk factors, to determine overall risk classification and required risk treatment actions.
- Coordinate with internal business stakeholders and vendor service owners to:
  - Collect and validate details related to vendor services and engagement scope.
  - Clarify data access, system integration, and service dependencies.
- Identify, escalate, and report any issues, gaps, or support requirements impacting the risk assessment.
- Provide periodic status updates on assessment progress, risks, and timelines to relevant stakeholders.
- Assist in the review and update of the security risk framework for third parties.
- Support business units in updating information related to vendors and their services.
- Build and maintain relationships with internal stakeholders.
- Track progress and closure of open observations as per the defined remediation plan for each assessment.
- Support in performing process‑related security assessments for the organization.
- Identify gaps, document risk findings, recommend corrective actions, and track remediation closures.
Stakeholder Management
- Work closely with:
  - IT & Security teams
  - Procurement & Legal
  - Business units
  - Vendors and external assessors
- Provide awareness and guidance on third‑party security and regulatory expectations.
Required Skills & Competencies:
Technical & Domain Skills
- Strong understanding of:
  - Information security controls
  - Third‑party risk frameworks
  - Regulatory compliance in BFSI
- Hands‑on experience with:
  - Vendor security assessments
  - Risk rating methodologies
  - Compliance reporting
Soft Skills
- Strong analytical and risk assessment skills
- Excellent documentation and report‑writing abilities
- Good stakeholder communication and negotiation skills
- Ability to work independently and manage multiple assessments
Pay: ₹600,000.00 - ₹900,000.00 per year
Application Question(s):
- Do you have experience in Third-Party / Vendor Risk Assessments (TPRM)?
- How many years of experience do you have in GRC / Information Security?
- Are you familiar with frameworks like ISO 27001, NIST, or SOC 2?
- Have you worked on vendor security questionnaires and evidence review?
- What factors do you consider while performing an inherent risk assessment?
- What is the difference between inherent risk and residual risk?
Work Location: In person
About Soffit Infrastructure Services (P) Ltd.
soffit.in