Job Title
Associate Director – Third Party Risk Management (TPRM)

Location
Mumbai

Experience
10+ years of relevant experience

Preferred Background
- Big 4 / Leading consulting firms
- Global Captive Center (GCC) / Global In-House Center (GIC) experience – strongly preferred (project or program-based exposure acceptable)

Role Overview
The Associate Director – TPRM will lead and scale enterprise-wide third party risk management programs, with a strong focus on cyber risk, information security, and regulatory compliance. The role requires strategic leadership, stakeholder management at senior levels, and hands-on oversight of complex vendor risk engagements across global environments.

Key Responsibilities

TPRM Strategy & Governance
- Lead the design, enhancement, and execution of Third Party Risk Management frameworks aligned with global standards and regulatory expectations.
- Establish and govern end-to-end TPRM lifecycle including onboarding, due diligence, risk tiering, ongoing monitoring, and offboarding.
- Define risk appetite, assessment methodologies, and escalation models for third-party and fourth-party risks.

Cyber & Information Security Risk
- Oversee cyber and information security risk assessments for critical and high-risk vendors.
- Review and challenge vendor controls across domains such as IAM, network security, data protection, cloud security, incident response, and BCP/DR.
- Drive remediation plans and risk acceptance discussions with business and risk committees.

Stakeholder & Leadership Management
- Act as a trusted advisor to senior leadership, risk committees, CISO office, procurement, legal, and compliance teams.
- Lead client-facing and internal governance forums including risk review boards and executive steering committees.
- Provide strategic guidance on regulatory findings, audit observations, and risk issues related to third parties.

Program & Project Management
- Lead large-scale TPRM transformation or enhancement initiatives, including GCC/GIC setup or maturity improvement programs.
- Manage multi-location teams and offshore/onshore delivery models.
- Ensure consistency, quality, and timeliness of risk assessments and reporting.

Regulatory, Audit & Compliance
- Ensure alignment with global regulations and frameworks such as RBI, SEBI, ISO 27001, NIST, SOC, GDPR, and other regional data protection laws.
- Support internal audits, external audits, and regulatory examinations related to third-party risk.
- Drive closure of audit issues and regulatory action items.

Required Skills & Expertise
- Deep expertise in Third Party Risk Management, vendor risk assessments, and cyber risk governance.
- Strong understanding of information security, cyber risk, privacy, and technology risk domains.
- Experience working in or with Big 4 consulting firms is mandatory.
- Exposure to Global Captive Centers / Global In-House Centers and complex global delivery models.
- Proven ability to manage senior stakeholders and influence decision-making at leadership levels.
- Strong program governance, reporting, and executive communication skills.

Certifications (Mandatory / Strongly Preferred)
One or more of the following:
- CISM
- CISSP
- CISA
- CRISC
- ISO 27001 Lead Implementer / Lead Auditor
- Other relevant cyber / information security certifications

Education
- Bachelor’s degree in Engineering, Technology, or a related discipline
- Master’s degree or MBA is an added advantage