Job Title


TPRM Senior Manager - Cyber


Company : Cubical Operations LLP


Location : Bengaluru, Karnataka


Created : 2026-02-23


Job Type : Full Time


Job Description

Job Title : Senior Manager – Third Party Risk Management (TPRM) & Application Security
Location : Mumbai / Bangalore - Japan
Experience : 6+ years (Early joiners preferred)

Role Overview

We are seeking a highly experienced Senior Manager – TPRM & Application Security to lead enterprise-wide third-party risk, application security risk, and GRC initiatives. The role requires deep expertise across vendor risk, cybersecurity, application security, ISO 27001, and GRC frameworks, along with strong stakeholder and leadership capabilities. The position will own risk governance for third-party applications, SaaS platforms, and internally developed applications, ensuring security, compliance, and regulatory alignment.

Key Responsibilities

Third Party Risk Management (TPRM)
- Lead the end-to-end TPRM lifecycle including onboarding, inherent risk assessment, due diligence, continuous monitoring, and vendor exit.
- Perform and review vendor risk assessments covering IT, cybersecurity, data privacy, application security, and operational risks.
- Oversee remediation plans, risk acceptances, and executive-level risk escalations.

Application Security
- Drive application security risk assessments for third-party and internally developed applications.
- Review and govern secure SDLC controls, including security requirements, design reviews, and risk sign-offs.
- Oversee results of VAPT, SAST, DAST, and API security assessments, ensuring timely remediation and closure.
- Assess risks related to cloud, web, mobile, and SaaS applications used by third parties.
- Collaborate with development, DevOps, and security teams on application risk mitigation strategies.

GRC & Enterprise Risk
- Design, enhance, and operationalize GRC and risk governance frameworks aligned with enterprise risk appetite.
- Integrate TPRM and application security risk into enterprise risk management and reporting.
- Develop risk dashboards, KRIs, and executive reports for leadership and risk committees.

Cyber & Information Security Risk
- Evaluate third-party cybersecurity controls, including IAM, data protection, logging, incident response, and BCP/DR.
- Ensure alignment with ISO 27001 / ISMS control requirements and regulatory expectations.
- Drive risk-based decisions for vendor onboarding and application go-live approvals.

Compliance, Audit & Standards
- Ensure compliance with ISO 27001, internal policies, and applicable regulatory requirements.
- Support internal, external, and regulatory audits related to TPRM, application security, and cyber risk.
- Track audit findings, corrective actions, and continuous improvement initiatives.

Leadership & Stakeholder Management
- Act as a trusted advisor to CIO, CISO, Risk, Compliance, Legal, Procurement, and Business teams.
- Lead and mentor TPRM and security risk teams.
- Manage high-risk vendor and application escalations with senior stakeholders.

Required Skills & Experience
- 6+ years of experience in TPRM, GRC, Application Security, Cyber Risk, or Information Security.
- Strong hands-on experience with vendor risk assessments, application security reviews, and cyber control evaluations.
- Working knowledge of secure SDLC, OWASP Top 10, API security risks, and cloud application security.
- Practical exposure to ISO 27001 / ISMS, risk management frameworks, and audit processes.
- Experience with regulated industries (BFSI, FinTech, Telecom, Healthcare, GCCs) preferred.

Certifications (Mandatory / Highly Preferred)
One or more of the following:
- CISA
- CISM
- CISSP
- CRISC
- ISO 27001 Lead Implementer / Lead Auditor
- CEH / GWAPT / CSSLP or other Application Security certifications

Additional Preferences
- Early joiners will be prioritized
- Experience working with large vendor ecosystems, SaaS providers, and cloud environments is a strong plus