General information
Description
Job Title: TPTRM Team Manager
Department: IT Security - TPTRM
About Business line/Function: IT Security
Position Purpose: The TPTRM Team Manager is accountable for the end‑to‑end governance of third‑party risk across all assigned territories. The role ensures that third‑party risk assessments are systematically tracked, monitored, and completed within agreed timelines, while providing clear escalation pathways and reporting to the appropriate risk‑centric committees at territory, regional, and global levels. Through strong collaboration with procurement, outsourcing, and local security stakeholders – both within the group and in each geography – the manager drives a consistent, proactive risk‑management program that protects the firm’s operational integrity and regulatory compliance. The manager’s leadership ensures the function operates as a strategic partner to the business, delivering timely, actionable risk insight while cultivating a skilled and motivated risk‑management team.
Responsibilities
Direct Responsibilities
· Lead the worldwide program – own the end‑to‑end process for vendor risk assessments, continuous monitoring, reporting, and remediation across all regions (Americas, EMEA, APAC).
· Define, enforce and monitor Service Level Agreements (SLA) for every stage of the assessment lifecycle (scoping, data‑collection, review, sign‑off). Ensure SLA compliance across all territories and drive corrective actions when deadlines are missed.
· Guarantee that the global program adheres to Group‑wide policies and to local regulatory requirements (GDPR, CCPA, APAC‑specific data‑localisation rules, etc.). Maintain an up‑to‑date matrix of regional regulatory obligations and embed them into the assessment templates.
· Maintain a unified assessment dashboard that tracks progress of all Third‑Party Security Reviews worldwide. Promptly identify overdue or high‑risk assessments, trigger escalations, and communicate status to the appropriate local, regional, and global managers.
· Partner with local security teams in every geography to cascade the global framework, policies, and procedures. Provide training and Q&A sessions that ensure consistent execution of security controls for vendors.
· Work with Business Continuity Management (BCM) and Application Security teams across regions to guarantee that third‑party vendors receive appropriate BCM and AppSec reviews. Align their findings with the overall TPRM risk rating and remediation plans.
· Perform a global quality review of assessment reports generated. Verify that all key risk domains are adequately covered and are applied consistently.
· Coordinate with the enterprise RISK ORC and Internal Audit to conduct control‑testing of TPRM activities. Ensure that testing is aligned with global and regional policies, and that any deficiencies are tracked to closure.
· Serve as the global contact for all TPRM‑related queries from corporate, regional, and local teams, as well as from external auditors, regulators, and business partners. Provide clear, timely guidance and maintain a knowledge‑base of frequently asked questions.
· Present vendor‑risk findings and trend analyses at global risk‑centric forums (and at regional/territory committees). Prepare executive summaries, heat‑maps, and risk‑action plans for senior leadership.
· Own the TPRM technology stack (assessment platform, workflow engine, data repository). Lead enhancements, integrations and ensure that all documentation, assessment artefacts, and evidence are stored in a centralized, searchable database.
· Maintain a master repository of all policies, procedures, assessment templates, scoring guides, and historical assessment data. Ensure version control, audit trails, and accessibility for all authorized stakeholders.
· Consolidate regional regulatory reporting into a global Technology‑Risk Committee submission. Produce quarterly and ad‑hoc reports that satisfy regulatory bodies and internal governance requirements.
· Continuously scan for emerging third‑party risk trends (e.g., supply‑chain attacks, geopolitical exposure). Escalate unresolved or non‑responsive vendors to senior management with recommended mitigation actions (contract termination, additional controls, third‑party remediation).
· Build and lead a globally distributed TPRM team (analysts, coordinators, regional liaisons). Set objectives, conduct performance reviews, provide coaching, and champion professional development (certifications, cross‑regional rotations).
· Drive a culture of continuous improvement by capturing lessons learned, benchmarking against industry best practices (e.g., ISO 27036, Shared Assessments), and proposing enhancements to the global TPRM framework, metrics, and governance model.
· Manage the budget for TPRM tools, external consultants, and third‑party assessment services.
Contributing Responsibilities
· Work closely with Global Business Information Security teams to adopt and disseminate best‑practice outsourcing‑risk‑management guidelines that address the requirements of multiple regulators worldwide.
· Contribute to group‑wide initiatives aimed at enhancing the Third‑Party Risk Management policies, processes, and methodologies, ensuring they serve the best interests of the entire BNPP Group.
· Participate in global, regional and local statutory, information‑security, and regulatory audits to verify compliance with the Third‑Party Risk Management framework across all territories.
Technical & Behavioral Competencies
· Professional Certifications - Certified Third Party Risk Professional (CTPRP), CISA, CRISC, CIPM, ISO 27001 Lead Implementer, or equivalent security/compliance certifications desirable.
· Experience - 12+ years of experience in third party risk, vendor security assessments or GRC.
· Minimum 5 years of people management experience, leading a distributed team of 5 / 10+ professionals.
· Analytical & Communication - Ability to translate complex technical risk findings into clear business language for senior executives.
· Excellent written and verbal communication skills; experience delivering board level presentations.
· Project Management - Proven track record delivering process improvement projects on time and within budget. PMP or PRINCE2 certification is an advantage.
· Negotiation & Influence - Demonstrated ability to influence cross functional stakeholders and drive compliance without direct authority.
Skills Referential (Required knowledge, skills and abilities)
Technical Skills:
- Domain Knowledge - Deep understanding of third party risk frameworks, security by design, data privacy regulations, and supply chain risk. Experience with global, multi-jurisdictional programmes.
- Technical Skills - Proficiency with TPRM platforms (e.g., OneTrust Vendor Risk, RSA Archer, Process Unity).
- Strong data analysis capability (Excel, PowerBI, Tableau, or similar).
- Familiarity with cloud security (AWS, Azure, GCP) and SaaS vendor assessments.
Behavioral Skills:
- Strategic Thinking - Anticipates evolving risk landscape; aligns TPRM roadmap with corporate strategy.
- Leadership - Inspires, mentors, and develops a high performing, culturally diverse team.
- Collaboration - Works effectively across procurement, legal, security, IT, and business units worldwide.
- Decision Making - Makes timely, data driven decisions, balancing risk appetite and business needs.
- Attention to Detail - Ensures rigorous quality controls and accurate reporting of assessment outcomes.
- Change Management - Leads adoption of new processes, tools, and policies across global locations.
- Ethical Integrity - Maintains confidentiality and adheres to the highest ethical standards.
Education Level: Bachelor’s degree in Computer Science, Information Technology or Technology Management, Risk Management, Business Administration, Engineering or related field. Infosec Specialization (preferred).
Location: Mumbai
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.