Vice President - Third-Party Risk Management

Role Type: Individual Contributor (IC)

Function: Risk / Operational Risk / Vendor Risk

Location: Hyderabad

Experience: 15-20 years

Role Overview:

We are seeking an experienced Third-Party Risk Management (TPRM) professional to lead the end-to-end lifecycle of third-party risk oversight as an individual contributor. The role will be responsible for assessing, monitoring, and mitigating risks associated with vendors, suppliers, outsourcing partners, and strategic service providers, ensuring alignment with regulatory requirements and enterprise risk frameworks.

This role requires strong stakeholder management across business, procurement, legal, compliance, information security, and technology teams while driving risk governance, control effectiveness, and program maturity.

Key Responsibilities:

Third-Party Risk Oversight:

- Execute end-to-end third-party risk lifecycle including onboarding due diligence, inherent risk assessments, control evaluations, ongoing monitoring, and offboarding.

- Perform risk assessments across domains such as operational risk, information security, data privacy, financial health, business continuity, and regulatory compliance.

- Review vendor controls, SOC reports, certifications, audit findings, and remediation plans.

- Identify concentration risk, critical vendor exposure, and systemic dependencies.

Governance & Framework Management:

- Support development and enhancement of TPRM frameworks, policies, standards, and procedures aligned with regulatory expectations.

- Ensure adherence to enterprise risk management standards and outsourcing guidelines.

- Provide subject matter expertise during audits, regulatory reviews, and internal risk assessments.

- Maintain risk registers, issue tracking, and reporting dashboards for leadership.

Stakeholder & Business Partnership:

- Act as a trusted advisor to business units on third-party risk decisions, risk acceptance, and mitigation strategies.

- Collaborate with procurement, legal, cybersecurity, compliance, and operational risk teams to drive risk-informed vendor engagement.

- Support contract risk reviews including security clauses, data protection provisions, and SLAs.

Monitoring & Reporting:

- Track vendor performance, risk indicators, issues, and remediation progress.

- Prepare risk reports, executive summaries, and governance materials for senior stakeholders and risk committees.

- Monitor regulatory developments impacting third-party risk obligations.