
This job has expired

Vendor Risk & Controls SME

Recruiter
Audit and Risk Recruitment
Location
London (Central), London (Greater)
Salary
Up to £90,000 per annum + bonus + benefits
Closing date
25 Nov 2020
Reference
VMR1


Employer Sector
Banking & Finance - Retail, Financial Services
Contract Type
Permanent
Hours
Full Time
Travel
0-25% Travel
Job Type
Audit Assistant

Job Details

Background to the role

Our client, a major global financial services provider, is supported by hundreds of critical services from both internal and external suppliers. It uses a wide portfolio of third-party systems and services, a mix of bespoke IT services and individual solutions, together with the controls related to the management of those third parties.

In this role you will act as the conduit to ensure maximum efficiency across all aspects of vendor risk management and third-party agreements.

This role will be part of a wider team, reporting into the Head of Client and IT Professional services, with a primary focus on managing relationships and maintaining controls across various disciplines, including:

Service improvement – in-depth understanding of vendor cost effectiveness and vendor management solutions

Service solutions – how can suppliers provide a sleeker service (e.g. buying in bundles, bulk buying, using central services in one place)

Disaster Scenarios – Risk consequence behind vendor system failures and ensuring sufficient measures are in place from a supplier systems perspective (e.g. back-up)

Benchmarking / Managing Service levels – How do bespoke supplier systems compare to other market leading products and how are they priced; accordingly, implementing beneficial rates

Contract Renewals – ensuring contracts are up to date and are best serving the needs of the business

Contract performance monitoring and negotiation

Key responsibilities of the role:

  • Improve the design and operation of supplier management to better understand critical and non-critical risk from a first line perspective.
  • Ensure controls are aligned to GDPR (Information security, process reviews & systems)
  • Work with the process and control owners to develop a set of process, risk and control metrics to allow the processes and systems to be continuously monitored through a trusted and robust set of metrics.
  • Act as a champion for good control design and operation by providing coaching and training to supplier chain owners and encouraging a culture of continuous improvement.
  • Build a trusted relationship with suppliers
  • Responsible for contracts and contract renewals in line with best practice for the VRM division.
  • Develop an up-to-date and efficient Inventory of Supply list
  • Understand what service levels are being provided by individual suppliers and look for the best solutions to maximise the relationship
  • For each Supplier group provide guidance to the control owners on best practice
  • Oversee the remediation of any defects identified by the vendor risk management process
  • Perform ad hoc deep-dive reviews of individual suppliers, specifically where repeated incidents have occurred
  • Perform quarterly risk and control self-assessments on supplier controls
  • Document control deficiencies and recommend improvements to process and control design and operation
  • Conduct onsite or desk-based risk assessments of third parties during the onboarding or tender process to identify risks and weaknesses in the supplier’s systems prior to commencing services with them
  • Assist other members of the team by providing guidance around risks and best practices in areas where the candidate has specialist knowledge

Qualifications and Training:

  • The ideal candidate would have formal training and hands-on experience of designing, operating, or auditing IT Controls within Third Party Risk, Vendor Risk Management
  • Alternatively, the ideal candidate may come from a First line function with responsibility for Relationship management
  • Experience of IT in a regulated financial services company would be useful but is not essential
  • Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC)
  • A sound understanding of British and International Security Standards (for example, ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCI DSS) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).
  • Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers
  • Professional experience in carrying out IT control reviews in a 1st, 2nd or 3rd line of defence position
  • Ability to work under pressure maintaining tight deadlines, high concentration levels and keeping up with work-flow requirements

 

 

Company

Audit and Risk Recruitment specialises in the recruitment and assessment of audit, IT audit, compliance and risk professionals across Professional Services, Industry and Commerce and Financial Services.

Established by leading industry consultants with over 20 years’ experience, we have successfully placed ‘000’s of audit, IT audit, compliance and risk professionals into over 300 companies across the UK, Europe, APAC and North America.

Alongside our two sister brands, Tax & Treasury Recruitment and Sustainability Recruitment, we are part of Platform 1 Recruitment Group Ltd.

Company info
Telephone
0203 626 0500
Location
Paddington
London
GB
