Third Party Risk Management

Roles & Responsibilities

• Develop and manage a comprehensive third-party risk management framework/program.
• Drive regulatory compliance and remediation programs such as Digital Operational Resilience Act (DORA).
• Independently manage third-party due diligence including initial risk assessments and ongoing monitoring.
• Contribute to governance and provide recommendations on remediation of risks, deficiencies, or gaps, including identifying alternative controls where compliance cannot be met.
• Document and present overall residual risk to higher management for approvals and risk acceptance.
• Interact with vendors, business units, and stakeholders to assess, explain, and remediate identified risks.
• Perform ongoing monitoring activities, including performance monitoring, contractual compliance, SLA/KPI adherence, and negative news monitoring.
• Test design and operating effectiveness of TPRM controls, identify gaps, and recommend improvements.
• Support key reporting activities and perform ad hoc IT risk analysis and reporting.