openteamtailorhydeparkvp
Manager, Third Party Risk Management
Arrive
LocationBengaluru
Workplacenone
Posted2026-06-10T10:22:50+02:00
Last observed2026-06-13 05:24:42.471256
Job idhydeparkvp-arrive:teamtailor:1a9613f1-6bbb-4d4f-96b3-1329e894a132
We’ve signed up to an ambitious journey. Join us! As Arrive, we guide customers and communities towards brighter futures and more livable cities, it isn’t a challenge just anyone could take on. Luckily, we have something to help us make it happen. Our people and our values. We Arrive Curious, Focused and Together. Just as our entire brand is inspired by the North Star, the shining light leading travelers to their destinations since time began, our values guide us. They help us be at our best. For our customers. For the cities and communities we serve. For ourselves. As a global team, we are transforming urban mobility. Let’s grow better, together. Role Overview: We are seeking an experienced Third-Party Risk Management (TPRM) Manager to own and mature Arrive’s global third-party risk program. Reporting to the Risk & Compliance Lead, this role will serve as the single point of accountability for third-party security risk across the Arrive Group. This is a strategic governance role focused on enabling business growth while ensuring vendors, partners, and suppliers meet Arrive’s security, resilience, and regulatory expectations. The ideal candidate will combine strong vendor risk assessment expertise, regulatory alignment experience, and senior stakeholder management capability in a global environment. Key Responsibilities: Vendor Risk Assessments & Due Diligence Lead security risk assessments for new and existing third parties (SaaS, cloud, fintech vendors, payment processors). Review and analyze vendor certifications and assurance artifacts (ISO 27001, SOC 1/2, PCI DSS, GDPR documentation). Evaluate third-party control effectiveness and document risk findings. Drive remediation tracking and closure with vendors and internal stakeholders. Maintain and mature standardized third-party assessment frameworks. Risk-Based Decision Support Translate technical findings into business-aligned risk insights. Advise leadership on risk acceptance, mitigation, and compensating controls. Maintain a defensible third-party risk register and reporting structure. Support procurement decisions through risk scoring and tiering models. Regulatory & Contractual Alignment Partner with Legal and Procurement to embed security requirements in contracts (MSA, DPA, security addendums). Ensure alignment with ISO 27001, PCI DSS, GDPR, NIS2, SOC, and other regulatory frameworks. Validate subcontractor and supply-chain security obligations. Support customer due diligence and regulatory inquiries related to vendor security. Program Governance & Continuous Improvement Own and continuously enhance the TPRM lifecycle (onboarding, assessment, monitoring, offboarding). Define and track KPIs for vendor risk posture (coverage, remediation time, risk trends). Support internal and external audits by providing third-party assurance evidence. Leverage GRC or TPRM tools to automate workflows and reporting. Scale the TPRM program in line with business growth and geographic expansion. Continuous Improvement Drive ongoing enhancement of the TPRM framework, processes, and tooling to align with evolving regulatory and business requirements. Identify gaps and implement process efficiencies to strengthen risk mitigation and stakeholder experience. Monitor industry best practices and emerging risks to proactively refine the third-party risk management program. Reporting Design and implement TPRM KPIs and KRIs to measure third-party risk exposure, assessment coverage, remediation timelines, and control effectiveness. Develop executive dashboards and periodic reporting to provide data-driven insights to senior leadership and governance forums. Monitor performance against defined risk thresholds and drive accountability through structured reporting and escalation mechanisms. Stakeholder & Cross-Functional Collaboration: Act as primary security liaison for Procurement, Legal, IT, and Business Units. Provide clear guidance on third-party security expectations. Drive a security-enablemen
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.