Deb Shankar Lahiri

New Delhi

Summary

A dedicated, experienced third-party risk and compliance professional with around 17+ years of experience in vendor governance, information security, regulatory audits, and project management. Extensive experience in leading and implementing the Vendor Risk Governance programme at an enterprise level, with expert knowledge of domains such as ITGC, GRC, and SOX compliance programs. Highly proficient in people leadership and stakeholder management, leveraging work experience in successful strategies for maintaining optimal controls.

Overview

18 years of professional experience
1 Certification

Work History

Manager - Third Party Risk Management

M&G Global Services Private Limited
Pune
04.2024 - Current
  • Ensure compliance with third-party supplier management policies, procedures, and standards.
  • Conduct comprehensive reviews of Third Party/Vendor risk assessments and ensure output from the risk assessment is approved for Very High and High / Material suppliers.
  • Maintain accurate inventory of third-party applications, ensuring correct ownership and tiering.
  • Maintain a strong network and partnerships within the respective TPRO division, global procurement, Divisional control officers, and 2LOD Risk Type Controllers.
  • Drive the implementation of remediation projects in support of regulatory and M&G policy adoption into the business division.
  • Record and monitor all third-party activities to ensure ongoing compliance.
  • Enhance governance framework to provide data-driven insights and oversight to senior management and boards.
  • Collaborate with international regulatory entities to manage third-party risk effectively.

Manager IT and Third Party Risk

Protiviti
Bengaluru
10.2023 - 04.2024
  • Conduct vendor risk assessment based on the organization's TPRM framework to identify information security gaps.
  • Key areas covered in the assessments include reviewing SOC 2 Type 2 reports, reviewing application security controls, logical security, change management, backup & recovery, and IT DR. Ensure all records and evidence are collected, collated, and examined as part of specified testing strategies for evidence of compliance with management directives.
  • Support engagement with group entities on international Third Party Risk Management and Outsourcing regulatory rules and guidance, incorporating these where relevant into group policies, standards, methods, and tooling.
  • Perform IT risk assessment to identify and assess the key risks across information security controls in the organization. Perform cyber maturity assessments on leading standards encompassing areas such as Data Governance, Network Security controls, Backup, and Resilience.

Assistant Vice President - Third Party Risk

State Street
Bengaluru
10.2021 - 08.2023
  • TPRM Regional Lead for TPRM Ongoing Monitoring and Vendor Onboarding.
  • Responsible for implementation and execution of TPRM framework and Policy within US/EMEA region and support audit of Third Party Risk Management submission, MRIA.
  • Manage TPRM Operations for State Street global vendor engagements and conduct risk assessments for over 200 critical vendors.
  • Execute TPRM thought leadership and conduct regulatory testing on TPRM program design and controls.
  • Design and execute a robust TPRM process flow for critical due diligence functions, such as financial viability, SOX review, negative news monitoring, etc.
  • Ensure DDQ and IRQ are fit for executive-level management. IRQ reviews assessment and verifies the same through engagement and contract. Plan, create, and produce relevant policy-related reports and SOPs. Tailor the IRQ and DDQ (due diligence questionnaire) and set up the questionnaire as per the assessment.
  • Facilitate creation of TPRM governance policy, program manual, coordinate risk assessments, and issue findings control process.
  • Develop a programme of control testing (RCSA) and audit reviews, and support Critical Central Audit with respect to the project, ECB, RBI, and PRA audit remediation, including internal audits.

Manager Regulatory Banking

American Express Banking Corp
Gurgaon
01.2020 - 10.2021
  • Responsible for driving Third Party Risk Management monitoring program and strategic regulatory projects, in addition to providing regulatory oversight in the 2nd LOD.
  • Develop and implement enterprise-wide third-party risk assessment framework and conduct reviews, audits, and risk assessments to ensure third parties are compliant with enterprise security standards.
  • Ensure strong controls, rigorous reporting, and sound governance around all servicing processes. Assess and evaluate current processes to identify any enhancement opportunities.
  • Creating a governance structure around critical enterprise functions, such as vendor compliance and legal entity compliance.
  • Present and communicate performance results and audit findings in an effective manner to AEBC Leadership and regulators.
  • Collaborate with internal stakeholders, including legal, compliance, IT, ISG, and procurement, to ensure that vendor contracts and agreements align with risk management across the organization.
  • Conduct due diligence on potential vendors (IT) and evaluate financial viability, security controls, compliance posture, and overall risk profiles.

Program Manager Governance

American Express
Gurgaon
01.2013 - 01.2020
  • Conducted comprehensive reviews of Third Party/Vendor risk assessment questionnaires and associated certifications and documentation, including SOC 2, ISO, and organizational policies and procedures.
  • Project management / Product management - Handling 16 projects and 3 products (IT project delivery / Cyber security assessment / GDP assessment / Local County Compliance / Cloud service delivery)
  • Collaborated with third parties and vendors to address any required remediation efforts, ensuring alignment with client frameworks for risk identification, assessment, and mitigation.
  • Developed and maintained metrics and reporting systems to track risks and program performance, facilitating informed decision-making.
  • Advised on enhancements and process efficiencies within the Third-Party Risk Management program, contributing to program development and maturity.

Senior Analyst - Regulatory Control Testing

American Express
Gurgaon
04.2011 - 08.2013

Lead Service Recovery Executive

American Express
Gurgaon
10.2009 - 03.2011

Master Customer Care Professional

American Express
Gurgaon
04.2006 - 10.2009

Education

Executive MBA

IIBM INSTITUTE OF BUSINESS MANAGEMENT
New Delhi, Delhi
07.2016

Bachelor of Business Administration (B.B.A)

Alagappa University
Kolkata, West Bengal
07.2005

Skills

  • Risk Assessment
  • Operational Resilience
  • Business Continuity
  • Sarbanes Oxley (SOX)
  • ISO 27001 / ISO 22301
  • Enterprise Risk Management
  • Risk Mitigation (DORA)
  • Process Improvement
  • Cyber Security
  • Vendor Governance
  • People Leadership
  • Data Governance
  • Project Management
  • Regulatory Audits (External & Internal)
  • Cross-Functional Teamwork
  • Complex Problem-Solving
  • Financial Management

TECH TALK

Archer, Ariba, Coupa, Cornerstone, Tableau, Microsoft Office, Microsoft Office Suite, Visio, Oracle FC, SharePoint, Prevalent, Compass, ProcessUnity

Languages

English: First Language
Hindi: Advanced (C1)

Certification

  • Certified Regulatory Vendor Program Manager (CRVPM®) | Compliance Education Institute
  • Lean Six Sigma Black Belt | Six Sigma Academy Amsterdam
  • ISO 31000:2018 | Udemy
  • Tally 6.0
  • GDPR (GDPR | Data Protection | Privacy)
  • Incident Management from Skillsoft
  • Business Continuity Planning (BCP) from Skillsoft
