Third-Party Risk Management (TPRM) - Lead

At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you're passionate about developing your career, while helping others along the way, come join the Broadridge team.

About Us:
Broadridge Financial Solutions is a global fintech leader providing technology-driven solutions that help banks, broker dealers, asset managers, and public companies operate efficiently and transform their businesses. Broadridge is known for delivering critical infrastructure for investor communications, trading, governance, and capital markets operations. With a strong culture of innovation, operational excellence, and client focus, Broadridge empowers associates to solve complex business challenges and contribute to meaningful outcomes across the global financial ecosystem.

• Lead the day-to-day operations and continuous improvement of the TPRM program, ensuring alignment with organizational risk appetite and regulatory requirements.
• Develop, maintain, and enforce TPRM policies, standards, and procedures.
• Manage the end-to-end vendor risk lifecycle, from initial on-boarding through offboarding.
• Track remediation activities and engage stakeholders to ensure timeliness

• Conduct and oversee robust due diligence assessments of new and existing third parties, focusing on security, privacy, resilience, and regulatory compliance.
• Evaluate Service Organization Control (SOC) reports (e.g., SOC 1, SOC 2, SOC 3) and other assurance documentation to identify control gaps and inherent risks.
• Drive the reassessment process for critical and high-risk vendors based on defined frequency and trigger events.
• Ensure remediation of identified risks by tracking and validating corrective action plans.

• Implement, and maintain vendor scorecards and performance metrics to continuously monitor vendor risk posture and adherence to contractual obligations.
• Prepare and present clear, data-driven reports on the overall TPRM status, high-risk vendors, and key performance indicators to senior management and relevant committees.

• Serve as the primary point of contact and lead for coordinating the response to security or operational incidents involving third parties.
• Validate vendor incident management processes and ensure timely and effective communication and resolution during a third-party breach or disruption.
• Collaborate with internal stakeholders and SME groups from different domains and work towards an action plan.

• This is not mandatory but having a hands-on experience is an added advantage.

• Provide day-to-day guidance to TPRM analysts and support workload prioritization.
• Act as delegate for the India TPRM Manager, overseeing BAU operations, escalations, and stakeholder engagement in their absence.
• Review team outputs for quality, consistency, and adherence to standards.
• Educate stakeholders and business owners on vendor risk requirements supporting first-line engagement
• Drive policy awareness

• A minimum of 4 years and a maximum of 7 years of direct experience managing a TPRM or Vendor Risk Management program.
• Thorough knowledge of TPRM program components and industry best practices (e.g., ISO 27001, SOA, shared assessments).
• Expertise in interpreting and utilizing SOC report data, specifically understanding the scope, control objectives, and impact on the organization.
• Proven ability to execute a comprehensive due diligence process across various risk domains (Information Security, Business Continuity, Compliance, Financial Stability).
• Demonstrated experience with incident management and crisis response in the context of third-party events.
• Familiarity with creating and analyzing vendor scorecards for performance and risk tracking.
• People leadership experience is highly desirable.
• Strong analytical, organizational, and communication skills. Ability to effectively negotiate and influence internal stakeholders and external vendors.