Vp/ Svp, Third Party Risk Management, Easre, Group

Business Function
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the Bank's Technology operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Job Purpose
The incumbent is expected to lead a team, establish and oversees the third party risk standards, governance processes, promotes risk awareness, culture and provide directions to manage inadequate controls over third party and outsourcing risks. Additionally, the incumbent is to lead a team to oversee the Group Technology third party management including outsourcing risk governance. The incumbent will play an active role working in a dynamic environment with the service delivery teams to embed controls in their processes and operations in managing third party services. The incumbent needs to have analytical skills to assess information and identify potential risks, possess problem-solving skills and be inquisitive on risks and controls issues and rationalize their mitigation. Communication skills are important, because he/she must develop clear protocols, inform management about potential risk issues and relay information as well as impact about policy changes effectively.
Job Description Summary
- Governance of service delivery management by SDM with periodic monitoring and reporting of third party including outsourcing risks, including risk arising from service level failures
- Lead a team to support and provide direction to service delivery managers to execute and complete all outsourcing risk and control assessments, as well as engaging service delivery teams with the objectives of identifying risks, controls, and operational lapses.
- Advising Technology staff of potential concentration risk of third party arrangements including outsourcing to the service providers
- Monitor and assess effectiveness of the Group’s third party management approach, process and risk controls.
- Review, assess and recommend approval of material third party outsourcing arrangements
- Review, monitor and assess the aggregated Group-wide outsourcing portfolio for concentration risks and provide guidance for the management of concentration risk or assess opportunities to rationalize and de-risk

Key Accountabilities
- Provide direction for resolution of escalated key issues and risks. To monitor issue resolution for escalated unresolved risk and control issues relating to third party and outsourcing that could potentially impact the Group Technology
- Discuss key third party and outsourcing issues/ challenges and review key statistics (e.g. total outsourcing arrangements at Group Technology level or relating to specific outsourced service provider(s)), major events and operational/business impacts (e.g., due to service level breaches, overdue deliverables, etc.) which resulted in financial, operational, legal/regulatory and reputational losses
- Review and highlight new non-material outsourcing arrangements to the relevant management committees to provide a perspective of new outsourced activities in the Group
- Establish and maintain the third party and outsourcing management related frameworks to ensure that it continues to be relevant, current and effective
- Reporting and analytics on third party arrangements including outsourcing arrangements
- Liaison with stakeholders (unit outsourcing the activities) and key SMEs (FCSS, ISS, GBCM, GORM, Tech Risk Management, Operations Risk Management, RMG, Compliance) on risk and control matters and ad-hoc projects / rationalization.

**Requirements**:

- Relevant university degree in Information Technology or Computer Science, experience in banking, third party or vendor risk management (preferred) with total 10 - 15 years of experience in service delivery management
- Professional Certification preferred - CISA/CISM/CISSP/CRISC/CBCP.
- Demonstrate good understanding of third party including outsourcing, service provider management, outsourcing and banking regulatory as well as experience in risk and governance activities.
- Demonstrated hands-on experience in identifying, assessing, treating, monitoring, reporting and advising on operational risk management
- Excellent organizational, problem solving, interpersonal and operating skills to effectively drive risk agenda
- Good working knowledge of Business Intelligence (BI) tools such as Tableau, Power BI to analyse trends, anomalies and behavi