Sugam Dwivedi

Faridabad

Summary

Strategic and results-driven professional with 10+ years of progressive experience in Third-Party Risk Management (TPRM), Cybersecurity Governance, and Vendor Risk Oversight. Demonstrated expertise in conducting comprehensive assessments and mitigating risks related to DORA, GDPR, ISO 27001, and NIS2. Adept at leveraging GRC tools like ProcessUnity, Archer, and ServiceNow to enhance organizational security posture and operational efficiency.

Overview

12 years of professional experience
10 years of post-secondary education

Work History

"Consultant B-5"

Infosys Limited
Bangalore
06.2025 - Current
  • Operate as First Line of Defence (1LOD) for third-party and cyber risk, owning risk identification, assessment, remediation tracking, and control execution in line with enterprise GRC frameworks.
  • Lead cross-functional teams to design and implement technology and risk solutions for global clients, ensuring alignment with ISMS requirements, IT General Controls (ITGC), and regulatory standards.
  • Lead third-party cyber risk assessments and supplier compliance reviews as part of 1LOD responsibilities, ensuring adherence to DORA, GDPR, ISO 27001, and internal security policies.
  • Conduct comprehensive vendor due diligence across:
      • ISMS maturity and ISO 27001 alignment
      • IT General Controls (access management, change management, IT operations)
      • Data protection and privacy controls
  • Identify control gaps, assess inherent and residual risk, and define risk treatment and mitigation plans.
  • Support and maintain ISMS governance activities within 1LOD, including:
      • Risk assessments and risk treatment plans
      • Control implementation and ongoing monitoring
      • Execution and validation of ITGC controls for third parties
      • Supplier ISMS assurance and evidence validation
      • Internal and external audit readiness
  • Partner with sourcing, legal, compliance, and information security teams to strengthen vendor governance, embed security, audit, and right-to-assess clauses in contracts, and improve third-party risk posture.
  • Provide risk insights and management information (MI) to 2LOD and senior leadership, escalating material risks, control weaknesses, and emerging cyber threats in line with governance protocols.
  • Conduct supplier risk assessments and control testing, identify governance deficiencies, and drive corrective action plans to reduce operational, cyber, and compliance risks.
  • Collaborate with stakeholders to develop and execute supplier performance improvement and remediation plans, ensuring alignment with business objectives and regulatory expectations.
  • Lead and support contract negotiations and amendments, embedding right-to-audit, data protection, resilience, and security obligations across the contract lifecycle.
  • Develop and implement Third-Party Risk Management (TPRM) frameworks for Consultant B-5 engagements, strengthening supplier compliance with DORA, GDPR, ISO 27001, and internal GRC policies.
  • Engage customers and suppliers using strong stakeholder management and interpersonal skills, facilitating effective risk discussions, remediation alignment, and governance awareness.

"Third-Party Risk Manager"

Barclays Procurement (BA4)
Noida
06.2022 - 06.2025
  • Oversaw global supplier portfolios and led end-to-end third-party risk governance for high-risk vendors.
  • Directed vendor due diligence covering cybersecurity, operational, financial, and regulatory dimensions.
  • Implemented standardized frameworks for third-party onboarding, risk scoring, and issue remediation.
  • Collaborated with legal and compliance teams to ensure robust contract management and SLA adherence.
  • Led cost optimization and supplier engagement initiatives, achieving measurable improvements in compliance and efficiency.
  • Oversee a global supplier portfolio ensuring strong relationships, optimized performance, cost efficiency, and risk mitigation.
  • Drive third-party risk management by fostering collaboration among stakeholders and suppliers & ensure supplier compliance with control obligations, including data privacy, information security, and health and safety standards.
  • Address governance and risk deficiencies, implement mitigation strategies and reassess supplier categories as needed.
  • Manage contract lifecycles, including SOWs, amendments, and changes, aligning strategies with organizational objectives & supporting sourcing teams during negotiations, securing favorable terms, & maintaining robust supplier relationships.
  • Identify and implement cost-saving and process improvement opportunities to enhance operational efficiency; lead contract negotiations, manage supplier data, and ensure adherence to Barclays' compliance standards.
  • Execute risk control projects, applying advanced frameworks to mitigate supply chain risks effectively & conduct regular supplier risk assessments, audits, and continuous improvement initiatives to ensure compliance.
  • Collaborate on risk mitigation strategies aligned with business continuity & recovery plans.
  • Collaborated with cross-functional teams to enhance supply chain efficiency.
  • Implemented strategies to improve supplier engagement and service delivery.

Subject Matter Expert

Barclays (BA3)
Noida
06.2015 - 03.2022
  • Served as SME for third-party oversight, ensuring supplier compliance across critical services and technology functions.
  • Managed vendor audits, SOC report reviews, and due diligence documentation for regulatory submissions.
  • Drove continuous improvement projects, including automation initiatives achieving 100% email tracking and operational transparency.
  • Supported global stakeholders in Travel & Expense (T&E) management and Corporate Card-related queries for Barclays employees.
  • Delivered a centralized solution for corporate card inquiries, addressing concerns and providing guidance to employees.
  • Acted as the escalation point for complex corporate card and P-card issues, including priority handling for VIP cases.
  • Leveraged platforms like SAP-Concur, XP1, and R3 to provide seamless service, troubleshoot issues, and ensure efficient system support.
  • Spearheaded process improvements by identifying inefficiencies, streamlining workflows and optimizing travel and expense operations.
  • Played a key role in training and mentoring new team members, ensuring policy adherence and high service standards.

Process Associate

Genpact
Gurugram
05.2014 - 05.2015
  • Processed direct and indirect invoices, ensuring accuracy, timeliness, and compliance with internal controls.
  • Proposed process streamlining improvements reducing turnaround time and improving accuracy rates.
  • Processed direct and indirect invoices for GSK with a focus on accuracy and timely completion.
  • Addressed inquiries and resolved issues related to Direct and Indirect Purchase Orders (POs), ensuring smooth transaction workflows.
  • Managed escalations and critical cases involving pending invoices, delivering efficient and effective resolutions.
  • Worked closely with the Urgent Payments team to ensure the timely release of invoices and entity-wise processing.
  • Contributed to process improvements by identifying inefficiencies, streamlining workflows and reducing processing times.

Education

ISO 27001 LA

Exemplar Global
10.2025 - 02.2026

ISO 42001 LA

Exemplar Global
10.2025 - 02.2026

MBA - Finance

SMU
07.2015 - 08.2017

Intermediate - CMA

ICMAI
07.2008 - 05.2012

Bachelor of Commerce - Business

Delhi-University
07.2008 - 08.2011

Skills

  • Third-Party Risk Management
  • Risk Frameworks & Standards
  • Vendor Risk Assessment
  • Contract Lifecycle Management
  • Cybersecurity Regulations
  • "ISO27001 LA"
  • "ISO 42001 LA"
  • Process Improvement
  • Leadership and Mentoring
  • Regulatory Compliance
  • Risk Mitigation Strategies
  • Vendor Relationship Management
  • "Software worked upon": JIRA, CLICK2BUY, CONFLUENCE, ICERTIS, PROCESSUNITY, SAP CONCUR, COUPA
  • Cyber Risk Assessment & Mitigation | Regulatory & Compliance (DORA, GDPR, ISO 27001)
  • Vendor Governance & Oversight
  • Audit & Control Evaluation (SOC 1/2, Pen Test)

Accomplishments

  • "Received multiple awards" including Outstanding Performer of the Year and Best Performer in Procure to Pay.
  • "Consistently recognized for outstanding contributions across various technology domains, receiving multiple 'Boost' awards for active involvement in internal tasks".
  • "Honored with the highest number of e-Thanks in a year from senior stakeholders, reflecting strong collaboration and exceptional service"
  • Awarded multiple recognitions for contributions to colleague engagement, fostering a positive and productive work environment.
  • "Received the 'Rewards and Recognition' award for Best Performer in Procure to Pay, recognized for going above and beyond in delivering exceptional results"
  • "Named 'Outstanding Performer of the Year' for consistently exceeding performance expectations and delivering exceptional value to the organization"

Key Projects

  • Continuous Improvement Initiative: Led domain-wide performance evaluations for 14 vendors with 100% success rate.

  • Financial Stability Assessment Project: Conducted post-market collapse reviews for 50+ suppliers to assess financial health.
  • Query Tracker Automation: Designed automation achieving 100% tracking rate for stakeholder communication.

  • Received multiple awards including 'Outstanding Performer of the Year' and 'Best Performer in Procure to Pay'.

Personal Information

Date of Birth: 03/27/91

Languages

Hindi
First Language
English
Proficient
C2

Timeline

ISO 27001 LA

Exemplar Global
10.2025 - 02.2026

ISO 42001 LA

Exemplar Global
10.2025 - 02.2026

"Consultant B-5"

Infosys Limited
06.2025 - Current

"Third-Party Risk Manager"

Barclays Procurement (BA4)
06.2022 - 06.2025

MBA - Finance

SMU
07.2015 - 08.2017

Subject Matter Expert

Barclays (BA3)
06.2015 - 03.2022

Process Associate

Genpact
05.2014 - 05.2015

Intermediate - CMA

ICMAI
07.2008 - 05.2012

Bachelor of Commerce - Business

Delhi-University
07.2008 - 08.2011