HireHireFreshworks jobs › Lead - Cybersecurity Third-Party Risk Management

Lead - Cybersecurity Third-Party Risk Management

Apply for this role or explore on the map →

Organizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.

There’s another option. Freshworks. With a fresh vision for how the world works.

At Freshworks, we build uncomplicated service software that delivers exceptional customer and employee experiences. Our enterprise-grade solutions are powerful, yet easy to use, and quick to deliver results. Our people-first approach to AI eliminates friction, making employees more effective and organizations more productive. Over 72,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks’ customer experience (CX) and employee experience (EX) software to fuel customer loyalty and service efficiency. And, over 4,500 Freshworks employees make this possible, all around the world.

Fresh vision. Real impact. Come build it with us.

Freshworks is seeking a seasoned Third Party Risk Management (TPRM) professional to join our Cybersecurity GRC team. This is a senior individual contributor role responsible for designing and operating a robust, scalable TPRM programme that keeps pace with Freshworks' rapid growth and expanding regulatory obligations.

You will own the end-to-end vendor risk lifecycle from intake and assessment to ongoing monitoring and offboarding while contributing to audit readiness, SOX IT control testing, and cross-functional GRC initiatives. You will work closely with Procurement, Legal, Privacy, and Engineering to embed vendor risk thinking directly into how Freshworks buys and manages third-party relationships.

Key Responsibilities

Third-Party Risk Management

Own and operate the full TPRM lifecycle: vendor intake, inherent risk tiering, due diligence assessments, remediation tracking, periodic re-assessments, and offboarding.

Design, implement, and continuously improve TPRM controls, frameworks, and policies aligned to industry best practices (ISO 27001, NIST CSF, SOC 2, CIS).

Conduct deep-dive vendor reviews, including evaluation of SOC 1, SOC 2, and SOC 3 reports assessing scope, opinion type, bridge letters, exceptions, and complementary user entity controls (CUECs).

Review and critically assess vendor ISO 27001 and ISO 27701 certificates verifying scope, certification body accreditation, statement of applicability alignment, and surveillance/renewal status.

Analyse Standard Information Gathering (SIG) questionnaire responses (Core SIG, SIG Lite) and other security questionnaires (CAIQ, VSAQ, custom formats) with rigour and commercial awareness.

Administer and optimise the procurement platform for TPRM intake routing, review workflow management, and milestone tracking; collaborate on workflow configuration and UAT.

GRC & Audit Support

Support SOX IT General Controls (ITGCs) testing including access management, change management, and computer operations controls  and liaise with external auditors during fieldwork.

Assist with SOC 2 Type II audit cycles: evidence collection, control narratives, gap remediation, and bridge letter coordination for sub-service organisations.

Maintain GRC evidence repositories in NetSuite and Graphite GRC; ensure control mapping is current and audit-ready at all times.

Coordinate responses to customer security questionnaires and third-party due diligence requests, working with the broader GRC team.

Data Security & Privacy

Apply a thorough understanding of data security principles — least privilege, data classification, encryption at rest and in transit, DLP, and access controls — when evaluating vendor security posture.

Incorporate data privacy requirements (GDPR, India DPDPA, CCPA/CPRA) into vendor assessments; identify sub-processor risks…

More roles at Freshworks

See Freshworks & thousands more on the map

Every tech & IT company hiring across India — with AI match scores — on one live map.

Open the map →