Third Party Risk Management as a 2nd Line function

• Implementation of risk governance and regulatory compliance frameworks and processes in APAC for assessing, monitoring and reporting of third party risks inherent in business operations
• Upkeep and operationalize Third Party Risk Management Framework, including formulation and maintenance of policies, procedures and standards to meet regulatory requirements
• Work closely with stakeholders in the 3 lines of defence to implement appropriate risk governance/oversight, design/determine/establish metrics like KRIs, implement controls and promote best practices that drive third party risk management and regulatory compliance
• Coordinate third party risk management efforts and manage Governance, Risk and Compliance (GRC) activities across the APAC Offices and with HO to drive timely completion of third party risk deliverables and resolution of key risk issues

Communicate technical concepts to non-technical audience and senior management and lead efforts to cultivate and promote a strong third party risk culture and ensure adherence to third party risk management policies, procedures and standards

Responsibilities

• Operationalize Third Party Risk management framework (vendor governance and compliance framework, risk identification/ monitoring/ reporting, policies, procedures, standards) and exercise oversight of all third party risk management activities.
• Design, determine and establish KRIs, implement risk control measures and best practices (eg. Due Diligence for Third-Party Service Providers/Outsourcing arrangements).
• Drive timely completion of third party risk deliverables and resolution of key risk issues.
• Perform assessment of third party risk incidents, issues and trends, communicate technical concepts to non-technical audience and provide advisory as Subject Matter Expert (eg. For new product applications, outsourcing of services and engagement of third party vendors and service providers).
• Cultivate and promote a strong third party risk culture.

Requirements

• Good knowledge of outsourcing/third party and operational risk requirements and industry standards.
• Minimum 2 years experience in outsourcing, procurement, vendor/ third party or operational risk management, preferably in banking or financial services.
• Certifications such as CTPRP, CTPRA, CISSP, CRISC, CRCM would be advantageous.
• Good project management skills and experience.
• Ability to perform gap analysis of third party risk management policies and processes against new regulatory requirements and guidelines.
• Self-starter and a critical thinker.
• Proactive, resourceful and able to think and act strategically and tactically.
• Able to multi-task and work independently under tight timelines.
• Strong oral and written communication skills.
• Strong stakeholder management skills.
• Culturally sensitive.