About Us:
Broadridge Financial Solutions is a global fintech leader providing technology-driven solutions that help banks, broker dealers, asset managers, and public companies operate efficiently and transform their businesses. Broadridge is known for delivering critical infrastructure for investor communications, trading, governance, and capital markets operations. With a strong culture of innovation, operational excellence, and client focus, Broadridge empowers associates to solve complex business challenges and contribute to meaningful outcomes across the global financial ecosystem.
Position Overview:
We are seeking a highly skilled and motivated Third-Party Risk Management (TPRM) Lead to join our team. The ideal candidate will have 4 to 7 years of dedicated experience in developing, managing, and maturing a comprehensive TPRM program. This role requires a thorough understanding of vendor lifecycle management, risk assessment methodologies, and compliance requirements. This role offers the opportunity to collaborate with procurement, compliance, information security, and operational risk teams across multiple geographies, contributing to a mature and efficient TPRM framework.
Key Responsibilities
A. TPRM Program Management:
Lead the day-to-day operations and continuous improvement of the TPRM program, ensuring alignment with organizational risk appetite and regulatory requirements.
Develop, maintain, and enforce TPRM policies, standards, and procedures.
Manage the end-to-end vendor risk lifecycle, from initial on-boarding through offboarding.
Track remediation activities and engage stakeholders to ensure timeliness
B. Risk Assessment & Due Diligence:
Conduct and oversee robust due diligence assessments of new and existing third parties, focusing on security, privacy, resilience, and regulatory compliance.
Evaluate Service Organization Control (SOC) reports (e.g., SOC 1, SOC 2, SOC 3) and other assurance documentation to identify control gaps and inherent risks.
Drive the reassessment process for critical and high-risk vendors based on defined frequency and trigger events.
Ensure remediation of identified risks by tracking and validating corrective action plans.
C. Performance Monitoring & Reporting:
Implement, and maintain vendor scorecards and performance metrics to continuously monitor vendor risk posture and adherence to contractual obligations.
Prepare and present clear, data-driven reports on the overall TPRM status, high-risk vendors, and key performance indicators to senior management and relevant committees.
D. Incident Management & Response:
Serve as the primary point of contact and lead for coordinating the response to security or operational incidents involving third parties.
Validate vendor incident management processes and ensure timely and effective communication and resolution during a third-party breach or disruption.
Collaborate with internal stakeholders and SME groups from different domains and work towards an action plan.
E. Knowledge of ProcessUnity (ERP Tool):
F. Team Leadership & Governance:
Provide day-to-day guidance to TPRM analysts and support workload prioritization.
Act as delegate for the India TPRM Manager, overseeing BAU operations, escalations, and stakeholder engagement in their absence.
Review team outputs for quality, consistency, and adherence to standards.
Educate stakeholders and business owners on vendor risk requirements supporting first-line engagement
Drive policy awareness
Required Qualifications:
A minimum of 4 years and a maximum of 7 years of direct experience managing a TPRM or Vendor Risk Management program.
Thorough knowledge of TPRM program components and industry best practices (e.g., ISO 27001, SOA, shared assessments).
Expertise in interpreting and utilizing SOC report data, specifically understanding the scope, control objectives, and impact on the organization.
Proven ability to execute a comprehensive due diligence process across various risk domains (Information Security, Business Continuity, Compliance, Financial Stability).
Demonstrated experience with incident management and crisis response in the context of third-party events.
Familiarity with creating and analyzing vendor scorecards for performance and risk tracking.
People leadership experience is highly desirable.
Strong analytical, organizational, and communication skills. Ability to effectively negotiate and influence internal stakeholders and external vendors.