Lead Security Analyst (Third Party Risk Manger) (IGT1 Lanka: CFC)

Company Description

About IGT1 Lanka

IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world’s leading private equity firms; EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.

At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.

With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.

Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.

About the client: CFC

CFC is a specialist insurance provider, pioneer in emerging risk and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks.

Headquartered in London with offices across Europe, USA and Australia, CFC has over 1000 employees and is trusted by more than 150,000 businesses in 90 countries. Learn more at cfc.com and LinkedIn.

Job Description

Key responsibilities & accountabilities

We are seeking an experienced and strategic Senior Third Party Risk Manager to join our CISO team. This role is critical in shaping and executing our Third-Party Risk Management (TPRM) strategy, ensuring that our external partnerships align with our cybersecurity standards and evolving threat landscape. You will lead the development and continuous improvement of a robust TPRM security framework, embedding a dynamic and risk-based approach to third-party oversight.

Key Responsibilities Include:

• Establish and manage a repeatable, risk-based due diligence lifecycle for onboarding, monitoring, and offboarding third parties, including vendors, partners, and service providers.
• Create a cycle of security enhanced due diligence for our critical and high value third party suppliers, ensuring processes meet key regulation CFC needs to be compliant with in alignment with procurement and legal third party requirements.
• Design, implement, and maintain a comprehensive Third Party Risk Management security framework aligned with industry standards (e.g., NIST, ISO 27001, SIG, etc.) and regulation CFC needs to be compliant with.
• Lead security risk assessments of third parties, identifying control gaps and working with stakeholders to mitigate risks through contractual, technical, or procedural means.
• Continuously adapt TPRM practices to reflect the changing regulatory landscape.
• Collaborate with Legal, Procurement, IT, and Business Units to ensure third-party engagements meet security and compliance requirements.
• Define and report on key risk indicators (KRIs) and performance metrics to Group CISO, providing insights into third-party risk posture and trends.
• Evaluate and implement TPRM tools and platforms to streamline assessments, monitoring, and reporting.

Qualifications

• Degree in Cybersecurity, Information Security, Risk Management, or a related field.
• Experience working in multiple time zones
• 5+ years of experience in cybersecurity or risk management, with at least 3 years in a TPRM-specific role.
• Strong knowledge of third-party risk frameworks, security controls, and regulatory requirements.
• Experience with TPRM platforms and tools
• Relevant certifications (e.g., CISM, CRISC, CISSP, CTPRP) are a plus.

Skills & Ability           

• Proven TPRM experience in a security team 
• Strong understanding of global regulation for TPRM
• Exceptional communication and stakeholder management skills.
• Proven ability to develop TPRM frameworks and KRI reports