Jobs · smartrecruiters:freshworks

F

Lead - Cybersecurity Third-Party Risk Management

Cobalt Streamworks · Chennai, , India · Posted 30d ago

onsiteseniorEstimated 100k-225k USD🇮🇳 India
Apply on smartrecruiters:freshworks

About the role

Design and operate a robust TPRM program for vendor risk management at Cobalt Streamworks.

Job Description Cobalt Streamworks is seeking a seasoned Third Party Risk Management (TPRM) professional to join our Cybersecurity GRC team. This is a senior individual contributor role responsible for designing and operating a robust, scalable TPRM programme that keeps pace with Cobalt Streamworks' rapid growth and expanding regulatory obligations. You will own the end-to-end vendor risk lifecycle from intake and assessment to ongoing monitoring and offboarding while contributing to audit readiness, SOX IT control testing, and cross-functional GRC initiatives. You will work closely with Procurement, Legal, Privacy, and Engineering to embed vendor risk thinking directly into how Cobalt Streamworks buys and manages third-party relationships. Key Responsibilities Third-Party Risk Management Own and operate the full TPRM lifecycle: vendor intake, inherent risk tiering, due diligence assessments, remediation tracking, periodic re-assessments, and offboarding. Design, implement, and continuously improve TPRM controls, frameworks, and policies aligned to industry best practices (ISO 27001, NIST CSF, SOC 2, CIS). Conduct deep-dive vendor reviews, including evaluation of SOC 1, SOC 2, and SOC 3 reports assessing scope, opinion type, bridge letters, exceptions, and complementary user entity controls (CUECs). Review and critically assess vendor ISO 27001 and ISO 27701 certificates verifying scope, certification body accreditation, statement of applicability alignment, and surveillance/renewal status. Analyse Standard Information Gathering (SIG) questionnaire responses (Core SIG, SIG Lite) and other security questionnaires (CAIQ, VSAQ, custom formats) with rigour and commercial awareness. Administer and optimise the procurement platform for TPRM intake routing, review workflow management, and milestone tracking; collaborate on workflow configuration and UAT. GRC & Audit Support Support SOX IT General Controls (ITGCs) testing including access management, change management, and computer operations controls and liaise with external auditors during fieldwork. Assist with SOC 2 Type II audit cycles: evidence collection, control narratives, gap remediation, and bridge letter coordination for sub-service organisations. Maintain GRC evidence repositories in NetSuite and Graphite GRC; ensure control mapping is current and audit-ready at all times. Coordinate responses to customer security questionnaires and third-party due diligence requests, working with the broader GRC team. Data Security & Privacy Apply a thorough understanding of data security principles — least privilege, data classification, encryption at rest and in transit, DLP, and access controls — when evaluating vendor security posture. Incorporate data privacy requirements (GDPR, India DPDPA, CCPA/CPRA) into vendor assessments; identify sub-processor risks and escalate appropriately to the Privacy function. Stakeholder Engagement & Continuous Improvement Act as a trusted partner to Procurement, Finance, Legal, and Engineering on vendor risk matters; participate in vendor selection panels for high-risk or strategic suppliers. Develop and maintain TPRM metrics, dashboards, and executive reporting; present risk posture and programme health to senior leadership. Drive tooling improvements and automation across the TPRM stack Qualifications 5–10 years of progressive experience in Third-Party Risk Management, Vendor Risk Management, or GRC within a technology, SaaS, or financial services environment. Demonstrated track record of designing and implementing TPRM control frameworks from concept through operationalisation. Proven experience performing comprehensive vendor risk assessments independently, including managing complex or high-risk supplier portfolios. Prior exposure to SOX ITGC testing or SOC 2 audit cycles, working directly with external auditors, is strongly preferred. Technical Knowledge In-depth expertise reading and interpreting SOC 1 and SOC 2 reports opinion types, scope, exceptions, CUECs, and sub-service organisation carve-outs. Strong ability to assess ISO 27001 and ISO 27701 certificates, including scope boundaries, certification body credibility, and alignment with stated control objectives. Hands-on experience with SIG Core, SIG Lite, CAIQ, and other standardised security questionnaire frameworks. Working knowledge of NetSuite for GRC evidence management and control tracking; experience with Graphite GRC for control frameworks and audit workflows. Familiarity with ZIP as a procurement intake and workflow platform; experience configuring or testing TPRM routing rules is a plus. Experience using Lema (or equivalent AI-powered TPRM platforms such as Prevalent, OneTrust, or Process Unity) for risk scoring and automated assessments. Solid grounding in data security principles: access control models, encryption standards, network segmentation, vulnerability management, and incident response concepts. Working knowledge of data privacy regulations: GDPR, India DPDPA, CCPA/CPRA; ab

Read the full posting on smartrecruiters:freshworks

FAQ

Is the Lead - Cybersecurity Third-Party Risk Management role at Cobalt Streamworks remote?+

This Lead - Cybersecurity Third-Party Risk Management position is listed as onsite (Chennai, , India).

What is the salary for the Lead - Cybersecurity Third-Party Risk Management role at Cobalt Streamworks?+

The listing states Estimated 100k-225k USD.

What seniority level is this Lead - Cybersecurity Third-Party Risk Management role?+

This is a senior level position.

How do I apply for the Lead - Cybersecurity Third-Party Risk Management role at Cobalt Streamworks?+

Use the "Apply on smartrecruiters:freshworks" button to open the original posting on smartrecruiters:freshworks, where you can submit your application directly to Cobalt Streamworks.