
TPRM Senior Manager - Cyber

Job in Bengaluru, 560001, Bangalore, Karnataka, India
Listing for: Cubical Operations LLP
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Location: Bengaluru

Job Title
Senior Manager – Third Party Risk Management (TPRM) & Application Security
Location
Mumbai / Bangalore - Japan
Experience
6+ years (Early joiners preferred)

Role Overview
We are seeking a highly experienced Senior Manager – TPRM & Application Security to lead enterprise-wide third-party risk, application security risk, and GRC initiatives. The role requires deep expertise across vendor risk, cybersecurity, application security, ISO 27001, and GRC frameworks, along with strong stakeholder and leadership capabilities.
The position will own risk governance for third-party applications, SaaS platforms, and internally developed applications, ensuring security, compliance, and regulatory alignment.

Key Responsibilities
Third Party Risk Management (TPRM)
Lead the end-to-end TPRM lifecycle including onboarding, inherent risk assessment, due diligence, continuous monitoring, and vendor exit.
Perform and review vendor risk assessments covering IT, cybersecurity, data privacy, application security, and operational risks.
Oversee remediation plans, risk acceptances, and executive-level risk escalations.
Application Security
Drive application security risk assessments for third-party and internally developed applications.
Review and govern secure SDLC controls, including security requirements, design reviews, and risk sign-offs.
Oversee results of VAPT, SAST, DAST, and API security assessments, ensuring timely remediation and closure.
Assess risks related to cloud, web, mobile, and SaaS applications used by third parties.
Collaborate with development, DevOps, and security teams on application risk mitigation strategies.
GRC & Enterprise Risk
Design, enhance, and operationalize GRC and risk governance frameworks aligned with enterprise risk appetite.
Integrate TPRM and application security risk into enterprise risk management and reporting.
Develop risk dashboards, KRIs, and executive reports for leadership and risk committees.
Cyber & Information Security Risk
Evaluate third-party cybersecurity controls, including IAM, data protection, logging, incident response, and BCP/DR.
Ensure alignment with ISO 27001 / ISMS control requirements and regulatory expectations.
Drive risk-based decisions for vendor onboarding and application go-live approvals.
Compliance, Audit & Standards
Ensure compliance with ISO 27001, internal policies, and applicable regulatory requirements.
Support internal, external, and regulatory audits related to TPRM, application security, and cyber risk.
Track audit findings, corrective actions, and continuous improvement initiatives.
Leadership & Stakeholder Management
Act as a trusted advisor to CIO, CISO, Risk, Compliance, Legal, Procurement, and Business teams.
Lead and mentor TPRM and security risk teams.
Manage high-risk vendor and application escalations with senior stakeholders.
Required Skills & Experience
6+ years of experience in TPRM, GRC, Application Security, Cyber Risk, or Information Security.
Strong hands-on experience with vendor risk assessments, application security reviews, and cyber control evaluations.
Working knowledge of secure SDLC, OWASP Top 10, API security risks, and cloud application security.
Practical exposure to ISO 27001 / ISMS, risk management frameworks, and audit processes.

Experience with regulated industries (BFSI, FinTech, Telecom, Healthcare, GCCs) preferred.
Certifications (Mandatory / Highly Preferred)
One or more of the following:
CISA
CISM
CISSP
CRISC
ISO 27001 Lead Implementer / Lead Auditor
CEH / GWAPT / CSSLP or other Application Security certifications
Additional Preferences
Early joiners will be prioritized
Experience working with large vendor ecosystems, SaaS providers, and cloud environments is a strong plus
Position Requirements
10+ Years work experience