Third Party Technical Risk Assurance Manager

Department: Risk Management & Compliance
93+ Applicants
Posted: 2 weeks ago
7-9 years
Pune, Maharashtra
work from office


Job Description

IT & Cyber Technical Risk Assurance Manager (Third Party / Supplier)

Role Overview:

Lead third-party/supplier technical risk assurance for banking/finance/hedge fund businesses, ensuring risk exposure from outsourced services, cloud providers, fintech partners, and critical ICT vendors is identified, assessed, controlled, and monitored in line with Cyber Strategy and Group CISO directives.

Design and operate a risk-based Third-Party Assurance (TPA) programme covering due diligence, onboarding, contractual security clauses, continuous monitoring, issue remediation, and offboarding/exit strategies. Provide decision-ready inputs to the Technology Risk Forum (TRF) and manage regional expertise/stakeholder communication.

Key Responsibilities:

· Third-Party Risk Framework & Governance: Establish policy, standards, and procedures for third-party technical risk; define tiers, inherent risk profiling, and control requirements based on service criticality and data sensitivity.

· Due Diligence & Onboarding: Perform technical/security due diligence (architecture, controls, certifications, testing); verify compliance with ISO/IEC 27001:2022, NIST CSF 2.0 outcomes, GDPR, DORA (EU) contractual obligations, EU AI Act responsibilities, PCI DSS for payment services, and COBIT-aligned governance.

· Contractual & SLA Controls: Embed DORA ICT contractual clauses (where applicable), breach notification, resilience testing/TLPT, data location, logging/monitoring, vulnerability/patch SLAs, incident reporting timelines, and audit rights.

· Continuous Monitoring & Assurance: Operate ongoing assurance (attestations, evidence reviews, targeted testing, control sampling); monitor cyber events, SLA breaches, and material changes; trigger escalation and remediation.

· Third-Party Resilience & Exit: Validate DR/BC/exit strategies; test data return/destruction; assess concentration risk; coordinate with procurement/legal for remediation and termination when required.

· Technology Risk Forum Inputs: Present supplier risk posture, top thematic third-party risks, remediation progress, and decisions required (e.g., onboarding approvals, remediation funding, exception handling).

· Stakeholder Engagement: Partner with business owners, procurement, legal, privacy, security engineering, SOC, IT Ops, and regulators/auditors to ensure clear accountability and timely closure of actions.

· Regional Enablement: Harmonise assurance methods and reporting across countries; ensure cultural/regulatory nuances are addressed.

· Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.

· Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.


Candidate Profile:

· 7+ years in third-party technical risk assurance/TPRM within financial services, including critical ICT providers and cloud services.

· Hands-on experience embedding DORA contractual clauses, GDPR DPAs, ISO/IEC 27001:2022, NIST CSF 2.0 outcomes, EU AI Act responsibilities, PCI DSS, COBIT governance, and ISO 31000 risk treatment.

· Exceptional communication, presentation, articulation, and stakeholder influence skills; effective at supplier engagement and executive reporting.

Success Indicators

· Third-party onboarding with complete due diligence and compliant contracts; clear risk decisions documented.

· Reduction in vendor-origin incidents and SLA breaches; timely breach notifications and effective remediation.

· Audit/regulator confidence in supplier controls; strong evidence quality and continuous monitoring performance.

· Clear TRF narratives enabling funding/prioritization and strategic decisions on vendors.

Skills

AI


Important dates & deadlines

Application Deadline

22 Jun 26, 03:48 PM IST
