Job Title: Senior Manager / Chief Manager - Vendor Risk Governance
Location: Gurgaon HO
Experience: 10-12 years
Function: Enterprise Risk Management - Data Privacy Risk
Reporting to: VP & Data Protection Officer
Industry: Insurance / Financial Services
About the Role
We're seeking a seasoned risk leader to build and scale our third-party privacy risk governance framework. This role will drive vendor profiling, due diligence, risk assessments, and ongoing monitoring, ensuring compliance with the DPDP Act, IRDAI cybersecurity guidelines, and global best practices. You'll work closely with stakeholders across Operations, Underwriting, Claims, Digital, Legal, Compliance, and Information Security to embed privacy-first thinking into vendor engagements.
This is a high-impact, individual contributor role with strong visibility across leadership forums and governance committees.
Key Responsibilities
- Lead vendor profiling and risk categorization across all scopes of work (SOWs)
- Design and implement scalable, cost-effective vendor audit methodologies
- Minimize and anonymize data shared with vendors to reduce exposure
- Manage end-to-end risk assessment and due diligence processes
- Conduct vendor evaluations using ISO 27001, IRDAI, and DPDP frameworks
- Harmonize privacy, security, and compliance controls across audits
- Build and maintain a real-time vendor risk dashboard with audit history
- Represent the Third-Party Risk function in sourcing and governance forums
- Convene and lead the Vendor Risk Evaluation Committee / VMO
- Drive awareness and training programs on vendor risk management
- Support strategic privacy initiatives (approx. 25% bandwidth)
Success Metrics
- SLA-aligned closure of vendor assessments
- Maturity uplift of the vendor risk governance program
- Timely and accurate delivery of dashboards, reports, and insights
- Strong stakeholder engagement and cross-functional alignment
Candidate Profile
- 10-12 years of experience in third-party risk management
- Deep understanding of outsourcing risks and vendor governance
- Strong grasp of IT ecosystems: cloud, networks, databases
- Familiarity with IT General Controls (ITGC) and risk analytics
- Proven ability to balance business needs with privacy mandates
- Excellent communication, leadership, and stakeholder management skills
- Detail-oriented with high discretion in handling sensitive data