AVP_Third Party Risk Management

Headquartered in Tokyo, Sumitomo Mitsui Banking Corporation (SMBC) is a leading global financial institution and a core member of Sumitomo Mitsui Financial Group (SMBC Group). Built upon our rich Japanese heritage since 1876, we put our customers first and provide seamless access to, from and within the Asia Pacific region.   SMBC is one of the largest Japanese banks by assets and maintain strong credit ratings across our global integrated network.  We work closely as one SMBC Group to offer personal, corporate and investment banking services to meet the needs of our customers.

With sustainability embedded within our strategy and operations, we are committed to creating a society in which today’s generation can enjoy economic prosperity and well-being, and pass it on to future generations.

• Execute end-to-end vendor risk assessments, including inherent and residual risk scoring, due diligence, and control validation.
• Ensure compliance with outsourcing guidelines, internal governance frameworks, and DPDP Act obligations (data protection, breach notification, consent management).
• Monitor Key Risk Indicators (KRIs), Service Level Agreements (SLAs), and contractual obligations to identify deviations and emerging risks.
• Maintain risk registers, vendor inventory, and governance repositories in alignment with TPRM standards and audit requirements.
• Collaborate with cross-functional stakeholders (Procurement, Legal, Compliance, Information Security) to remediate control gaps and enforce contractual risk clauses.
• Support vendor onboarding/offboarding lifecycle, including risk sign-offs and exit strategy compliance.
• Prepare risk dashboards, MIS reports, and regulatory submissions for senior management and audit committees.
• Assist in internal/external audits, regulatory inspections, and ensure timely closure of observations.
• Develop and prepare training materials to disseminate TPRM policies, procedures, and compliance requirements to internal stakeholders.
• Drive continuous improvement initiatives, including automation of risk workflows and integration of advanced monitoring tools.
• Stay abreast of emerging regulatory trends, cyber risk developments, and privacy frameworks impacting third-party ecosystems.