AVP, Third Party Risk, Risk Department
Date: Dec 14, 2025
Location: Singapore
Office Location: Capital Square, Singapore
Third Party Risk Management as a 2nd Line function
- Implementation of risk governance and regulatory compliance frameworks and processes in the APAC region for assessing, monitoring and reporting third party risks inherent in business operations.
- Maintain and operationalize the Third Party Risk Management Framework, including formulation and maintenance of policies, procedures and standards to meet regulatory requirements.
- Work closely with stakeholders in the 3 lines of defence to implement appropriate risk governance/oversight, design/determine/establish metrics like KRIs, implement controls and promote best practices that drive third party risk management and regulatory compliance.
- Coordinate third party risk management efforts and manage Governance, Risk and Compliance (GRC) activities across the APAC Offices and with HO to drive timely completion of third party risk deliverables and resolution of key risk issues.
- Communicate technical concepts to non-technical audiences and senior management, lead efforts to cultivate and promote a strong third party risk culture, and ensure adherence to third party risk management policies, procedures and standards.
Responsibilities
- Operationalize the Third Party Risk Management framework (vendor governance and compliance framework, risk identification/monitoring/reporting, policies, procedures, standards) and exercise oversight of all third party risk management activities.
- Design, determine and establish KRIs, implement risk control measures and best practices (e.g. Due Diligence for Third-Party Service Providers/Outsourcing arrangements).
- Drive timely completion of third party risk deliverables and resolution of key risk issues.
- Provide effective review and challenge to risk assessment of third party risk incidents, issues and trends; communicate technical concepts to non-technical audiences and provide advisory as Subject Matter Expert (e.g. for new product applications, outsourcing of services and engagement of third party vendors and service providers).
- Cultivate and promote a strong third party risk culture.
- Partner with the 1LoD TPRM Team to conduct training to facilitate and promote proper management of third party related risks, compliance with regulatory requirements and industry standards.
Requirements
- Good knowledge of outsourcing/third party and operational risk requirements and industry standards.
- Strong understanding of operational resilience, including business continuity management, technology risk and operational risk.
- Minimum 3-5 years' experience in outsourcing, procurement, vendor/third party, technology risk or operational risk management, preferably in banking or financial services.
- Familiarity with GRC Reporting (e.g. Connected Risk) and TPRM software (e.g. Coupa) will be favorably considered.
- Professional certifications such as CTPRP, CTPRA, CISSP, CRISC, CRCM or CISA would be advantageous.
- Good project management skills and experience.
- Ability to perform gap analysis of third party risk management policies and processes against new regulatory requirements and guidelines.
- Self-starter and a critical thinker.
- Proactive, resourceful and able to think and act strategically and tactically.
- Able to multi-task and work independently under tight timelines.
- Strong oral and written communication skills.
- Strong stakeholder management skills.
- Culturally sensitive.