BNP Paribas
Website:
bnpp.lk
Job details:
Position Purpose: The TPTRM Team Manager is accountable for the end‑to‑end governance of third‑party risk across all assigned territories. The role ensures that third‑party risk assessments are systematically tracked, monitored, and completed within agreed timelines, while providing clear escalation pathways and reporting to the appropriate risk‑centric committees at territory, regional, and global levels. Through strong collaboration with procurement, outsourcing, and local security stakeholders – both within the group and in each geography – the manager drives a consistent, proactive risk‑management program that protects the firm’s operational integrity and regulatory compliance. The manager’s leadership ensures the function operates as a strategic partner to the business, delivering timely, actionable risk insight while cultivating a skilled and motivated risk‑management team.
Responsibilities
Direct Responsibilities
Lead the worldwide program – own the end‑to‑end process for vendor risk assessments, continuous monitoring, reporting, and remediation across all regions (Americas, EMEA, APAC).
Define, enforce and monitor Service Level Agreements (SLAs) for every stage of the assessment lifecycle (scoping, data collection, review, sign‑off). Ensure SLA compliance across all territories and drive corrective actions when deadlines are missed.
Guarantee that the global program adheres to Group‑wide policies and to local regulatory requirements (GDPR, CCPA, APAC‑specific data‑localisation rules, etc.). Maintain an up‑to‑date matrix of regional regulatory obligations and embed them into the assessment templates.
Maintain a unified assessment dashboard that tracks the progress of all Third‑Party Security Reviews worldwide. Promptly identify overdue or high‑risk assessments, trigger escalations, and communicate status to the appropriate local, regional, and global managers.
Partner with local security teams in every geography to cascade the global framework, policies, and procedures. Provide training and Q&A sessions that ensure consistent execution of security controls for vendors.
Work with Business Continuity Management (BCM) and Application Security teams across regions to guarantee that third‑party vendors receive appropriate BCM and AppSec reviews. Align their findings with the overall TPRM risk rating and remediation plans.
Perform a global quality review of the assessment reports generated. Verify that all key risk domains are adequately covered and that assessment criteria are applied consistently.
Coordinate with the enterprise RISK ORC and Internal Audit to conduct control‑testing of TPRM activities. Ensure that testing is aligned with global and regional policies, and that any deficiencies are tracked to closure.
Serve as the global contact for all TPRM‑related queries from corporate, regional, and local teams, as well as from external auditors, regulators, and business partners. Provide clear, timely guidance and maintain a knowledge‑base of frequently asked questions.
Present vendor‑risk findings and trend analyses at global risk‑centric forums and at regional/territory committees. Prepare executive summaries, heat‑maps, and risk‑action plans for senior leadership.
Own the TPRM technology stack (assessment platform, workflow engine, data repository). Lead enhancements, integrations and ensure that all documentation, assessment artefacts, and evidence are stored in a centralized, searchable database.
Maintain a master repository of all policies, procedures, assessment templates, scoring guides, and historical assessment data. Ensure version control, audit trails, and accessibility for all authorized stakeholders.
Consolidate regional regulatory reporting into a global Technology‑Risk Committee submission. Produce quarterly and ad‑hoc reports that satisfy regulatory bodies and internal governance requirements.
Continuously scan for emerging third‑party risk trends (e.g., supply‑chain attacks, geopolitical exposure). Escalate unresolved or non‑responsive vendors to senior management with recommended mitigation actions (contract termination, additional controls, third‑party remediation).
Build and lead a globally distributed TPRM team (analysts, coordinators, regional liaisons). Set objectives, conduct performance reviews, provide coaching, and champion professional development (certifications, cross‑regional rotations).
Drive a culture of continuous improvement by capturing lessons learned, benchmarking against industry best practices (e.g., ISO 27036, Shared Assessments), and proposing enhancements to the global TPRM framework, metrics, and governance model.
Manage the budget for TPRM tools, external consultants, and third‑party assessment services.
Contributing Responsibilities
- Work closely with Global Business Information Security teams to adopt and disseminate best‑practice outsourcing‑risk‑management guidelines that address the requirements of multiple regulators worldwide.
- Contribute to group‑wide initiatives aimed at enhancing the Third‑Party Risk Management policies, processes, and methodologies, ensuring they serve the best interests of the entire BNPP Group.
- Participate in global, regional and local statutory, information‑security, and regulatory audits to verify compliance with the Third‑Party Risk Management framework across all territories.
Technical & Behavioral Competencies
- Professional Certifications - Certified Third Party Risk Professional (CTPRP), CISA, CRISC, CIPM, ISO 27001 Lead Implementer, or equivalent security/compliance certifications desirable.
- Experience - 12+ years of experience in third‑party risk, vendor security assessments or GRC.
- Minimum 5 years of people management experience, leading a distributed team of 5 to 10+ professionals.
- Analytical & Communication - Ability to translate complex technical risk findings into clear business language for senior executives.
- Excellent written and verbal communication skills; experience delivering board‑level presentations.
- Project Management - Proven track record delivering process improvement projects on time and within budget. PMP or PRINCE2 certification is an advantage.
- Negotiation & Influence - Demonstrated ability to influence cross‑functional stakeholders and drive compliance without direct authority.
Skills Referential (Required knowledge, skills and abilities)
Technical Skills:
- Domain Knowledge - Deep understanding of third party risk frameworks, security by design, data privacy regulations, and supply chain risk. Experience with global, multi-jurisdictional programmes.
- Technical Skills - Proficiency with TPRM platforms (e.g., OneTrust Vendor Risk, RSA Archer, ProcessUnity).
- Strong data analysis capability (Excel, PowerBI, Tableau, or similar).
- Familiarity with cloud security (AWS, Azure, GCP) and SaaS vendor assessments.
Behavioral Skills:
- Strategic Thinking - Anticipates evolving risk landscape; aligns TPRM roadmap with corporate strategy.
- Leadership - Inspires, mentors, and develops a high performing, culturally diverse team.
- Collaboration - Works effectively across procurement, legal, security, IT, and business units worldwide.
- Decision Making - Makes timely, data driven decisions, balancing risk appetite and business needs.
- Attention to Detail - Ensures rigorous quality controls and accurate reporting of assessment outcomes.
- Change Management - Leads adoption of new processes, tools, and policies across global locations.
- Ethical Integrity - Maintains confidentiality and adheres to the highest ethical standards.
Education Level: Bachelor’s degree in Computer Science, Information Technology or Technology Management, Risk Management, Business Administration, Engineering or a related field. Infosec specialization preferred.
Location: Mumbai