
Lead - Cybersecurity Third-Party Risk Management

External
Freshworks · Chennai, IN
Full-time · On-site · posted 3d ago
Tags: Classification, Encryption, GDPR, Incident Response, Leadership, REST



Responsibilities

Third-Party Risk Management

  • Own and operate the full TPRM lifecycle: vendor intake, inherent risk tiering, due diligence assessments, remediation tracking, periodic re-assessments, and offboarding.
  • Design, implement, and continuously improve TPRM controls, frameworks, and policies aligned to industry best practices (ISO 27001, NIST CSF, SOC 2, CIS).
  • Conduct deep-dive vendor reviews, including evaluation of SOC 1, SOC 2, and SOC 3 reports, assessing scope, opinion type, bridge letters, exceptions, and complementary user entity controls (CUECs).
  • Review and critically assess vendor ISO 27001 and ISO 27701 certificates, verifying scope, certification body accreditation, statement of applicability alignment, and surveillance/renewal status.
  • Analyse Standard Information Gathering (SIG) questionnaire responses (Core SIG, SIG Lite) and other security questionnaires (CAIQ, VSAQ, custom formats) with rigour and commercial awareness.
  • Administer and optimise the procurement platform for TPRM intake routing, review workflow management, and milestone tracking; collaborate on workflow configuration and UAT.

GRC & Audit Support

  • Support SOX IT General Controls (ITGCs) testing, including access management, change management, and computer operations controls, and liaise with external auditors during fieldwork.
  • Assist with SOC 2 Type II audit cycles: evidence collection, control narratives, gap remediation, and bridge letter coordination for sub-service organisations.
  • Maintain GRC evidence repositories in NetSuite and Graphite GRC; ensure control mapping is current and audit-ready at all times.
  • Coordinate responses to customer security questionnaires and third-party due diligence requests, working with the broader GRC team.

Data Security & Privacy

  • Apply a thorough understanding of data security principles - least privilege, data classification, encryption at rest and in transit, DLP, and access controls - when evaluating vendor security posture.
  • Incorporate data privacy requirements (GDPR, India DPDPA, CCPA/CPRA) into vendor assessments; identify sub-processor risks and escalate appropriately to the Privacy function.

Stakeholder Engagement & Continuous Improvement

  • Act as a trusted partner to Procurement, Finance, Legal, and Engineering on vendor risk matters; participate in vendor selection panels for high-risk or strategic suppliers.
  • Develop and maintain TPRM metrics, dashboards, and executive reporting; present risk posture and programme health to senior leadership.
  • Drive tooling improvements and automation across the TPRM stack.

  • 5-10 years of progressive experience in Third-Party Risk Management, Vendor Risk Management, or GRC within a technology, SaaS, or financial services environment.
  • Demonstrated track record of designing and implementing TPRM control frameworks from concept through operationalisation.
  • Proven experience performing comprehensive vendor risk assessments independently, including managing complex or high-risk supplier portfolios.
  • Prior exposure to SOX ITGC testing or SOC 2 audit cycles, working directly with external auditors, is strongly preferred.

Technical Knowledge

  • In-depth expertise reading and interpreting SOC 1 and SOC 2 reports: opinion types, scope, exceptions, CUECs, and sub-service organisation carve-outs.
  • Strong ability to assess ISO 27001 and ISO 27701 certificates, including scope boundaries, certification body credibility, and alignment with stated control objectives.
  • Hands-on experience with SIG Core, SIG Lite, CAIQ, and other standardised security questionnaire frameworks.
  • Working knowledge of NetSuite for GRC evidence management and control tracking; experience with Graphite GRC for control frameworks and audit workflows.
  • Familiarity with ZIP as a procurement intake and workflow platform; experience configuring or testing TPRM routing rules is a plus.
  • Experience using Lema (or equivalent AI-powered TPRM platforms such as Prevalent, OneTrust, or Process Unity) for risk scoring and automated assessments.
  • Solid grounding in data security principles: access control models, encryption standards, network segmentation, vulnerability management, and incident response concepts.
  • Working knowledge of data privacy regulations: GDPR, India DPDPA, CCPA/CPRA; ability to assess vendor complia

Benefits

Health insurance

Additional Information

Freshworks is seeking a seasoned Third Party Risk Management (TPRM) professional to join our Cybersecurity GRC team. This is a senior individual contributor role responsible for designing and operating a robust, scalable TPRM programme that keeps pace with Freshworks' rapid growth and expanding regulatory obligations. You will own the end-to-end vendor risk lifecycle from intake and assessment to ongoing monitoring and offboarding while contributing to audit readiness, SOX IT control testing, and cross-functional GRC initiatives. You will work closely with Procurement, Legal, Privacy, and Engineering to embed vendor risk thinking directly into how Freshworks buys and manages third-party relationships.

