Senior Manager / Chief Manager – Vendor Risk Governance 9+ Yrs Gurgaon

Title of job

Senior Manager / Chief Manager – Vendor Risk Governance

Summary - Own the third-party privacy & vendor risk story — from profiling to real-time dashboards. You’ll design frameworks, lead assessments, and work cross-functionally to protect data while enabling business. If you like shaping risk programs, nudging culture, and turning messy vendor data into crisp decisions — this is your stage.

Location - Gurgaon (HO)

Your Future Employer Join a leading, deeply trusted life insurance institution — admired for long-term vision, strong governance, and a culture rooted in trust, ethics, and customer-first values. You'll work in a high-impact risk & privacy function, partnering with senior leaders to build a secure, future-ready vendor ecosystem.

Responsibilities

1. Accurately profile third-party vendors across all SOWs and drive risk categorization. Design and deploy cost-efficient, risk-based vendor audit approaches.
2. Minimize data exposure by applying business-savvy data anonymization and segmentation techniques.
3. Manage vendor due diligence and risk assessment lifecycle for the Vendor Risk Management Program.
4. Lead risk evaluations for critical third parties and ensure mitigation plans are effective.
5. Harmonize Data Privacy, Information Security and Compliance requirements for vendor audits.
6. Conduct assessments using relevant frameworks (ISO 27001, IRDAI cybersecurity guidance, DPDP Act).
7. Provide SME guidance to business teams and run ongoing training & awareness on third-party risk.
8. Support privacy projects (approx. 25% of time) and represent the function in sourcing and cross-functional committees.

Requirements

1. 9–12+ years’ experience in third-party/vendor risk management (vendor audits, due diligence, lifecycle management).
2. Strong understanding of risks from outsourcing and vendor engagements.
3. Hands-on familiarity with IT tools & technologies: cloud, networking, databases and IT General Controls (ITGC).
4. Experience applying security/privacy frameworks and regulatory guidance (ISO 27001, DPDP Act, IRDAI guidelines).
5. Proficiency in risk analysis methodologies, data interpretation, and MIS/dashboard creation.
6. Excellent stakeholder management, leadership and communication skills.
7. Ability to balance business objectives with privacy & security requirements; high discretion with sensitive data.

What is in it for you

• Lead a high-impact, second-line function protecting personal data across the enterprise.
• Influence vendor selection, contracting and remediation priorities.
• Ownership of metrics, dashboards and program maturity — measurable impact.

Reach us – If you think this role aligns with your career aspirations, kindly write to us with your updated CV at vandana.hatwal@crescendogroup.in for a confidential discussion.

Disclaimer

Crescendo Global specializes in senior to C-level niche recruitment and is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, origin, gender, sexual orientation, age, marital status, veteran status or disability.

Note

We receive many applications daily — if you don’t hear from us within one week, please assume your profile has not been shortlisted. Thank you for your patience.

Profile Keywords

Vendor Risk Management, Third-Party Risk, Vendor Due Diligence, Data Privacy, DPDP Act, ISO 27001, ITGC, Vendor Audit, Risk Assessment, Vendor Risk Dashboard, IRDAICybersecurity, Privacy Risk Framework, Vendor Management Office, Third-Party Governance, Data Anonymization