Qureos

Senior Vendor Governance Officer IND

Job Purpose
The Vendor Management team is a control function which oversees and reports on the effectiveness of vendor performance and risk management for the Group.
  • Vendor Management is primarily responsible for executing the Group’s vendor management and outsourcing requirements in compliance with Group policies and business strategy.
  • Ensure timely processing of risk assessments, risk acceptances, and ongoing monitoring of program compliance in line with the Group-approved Vendor Management & Outsourcing policy and associated procedures.
  • Assist the business in onboarding, ongoing monitoring, and exiting/terminating relationships with vendors.
  • Plan, deliver and report risk assessment activity over supplier arrangements with the intent to identify, measure, mitigate and report key risks.
  • Deliver continuing change into the business as policy and procedures evolve.
Responsibilities

Required responsibilities include, but are not limited to:
Core responsibilities

1. Risk Assessment and Due Diligence:
  • Conduct detailed risk assessments of third-party vendors and service providers, focusing on areas such as financial stability, security practices, regulatory compliance, and overall risk exposure.
  • Perform initial and ongoing due diligence, gathering and analysing data from various sources to assess the risk profile of third-party entities.
2. Vendor Onboarding and Offboarding:
  • Support the vendor onboarding process by conducting thorough risk evaluations and providing recommendations for approval or rejection.
  • Manage the offboarding process of third-party vendors, ensuring proper documentation and risk mitigation steps are followed.
3. Monitoring and Reporting:
  • Develop and maintain an up-to-date inventory of third-party relationships, including risk ratings and criticality assessments.
  • Continuously monitor third-party performance and compliance through regular assessments, reviews, and audits.
  • Prepare and present detailed reports and dashboards on third-party risk status, trends, and remediation efforts to senior management and other stakeholders.
  • Publish and present Vendor Management KRI reporting at key governance forums on a monthly basis.
4. Policy and Procedure Development:
  • Assist in the development, implementation, and maintenance of third-party risk management policies, procedures, and guidelines.
  • Ensure policies and procedures are aligned with industry best practices, regulatory requirements, and organizational goals.
5. Collaboration and Stakeholder Engagement:
  • Work closely with procurement, legal, compliance, IT, the Architecture team and other relevant departments to ensure third-party risk management processes are integrated and effective.
  • Act as a liaison between the organization and third-party vendors, facilitating communication and resolving issues related to risk management.
6. Training and Awareness:
  • Develop and deliver training programs to internal stakeholders on third-party risk management processes, tools, and best practices.
  • Promote awareness of third-party risk management throughout the organization to ensure a culture of risk awareness and accountability.
7. Incident Response and Remediation:
  • Assist in the investigation and resolution of incidents involving third-party vendors, including data breaches, compliance violations, and performance failures.
  • Coordinate remediation efforts and ensure corrective actions are implemented and tracked.
8. Regulatory Compliance:
  • Stay current with regulatory developments and industry standards related to third-party risk management.
  • Ensure third-party risk management activities comply with applicable laws, regulations, and industry standards.
9. Continuous Improvement:
  • Identify opportunities for improving third-party risk management processes, tools, and methodologies.
  • Participate in projects and initiatives aimed at enhancing the efficiency and effectiveness of the third-party risk management program.
10. Data Analysis and Insights:
  • Utilize data analytics to identify trends, patterns, and potential risks within the third-party ecosystem.
  • Provide actionable insights and recommendations to mitigate identified risks and enhance the overall risk management framework.
Other Responsibilities
  • Ensure Vendor Management forms are processed and completed as per the Due Diligence Matrix of the Group Vendor Management & Outsourcing Policy (VM&O policy) with 100% accuracy and in time to plan.
  • Support the review of BCP/DR and contingency plans, along with remediation actions, for the Group’s vendors by working with ROs and relevant stakeholders.
  • Administratively manage the monthly Vendor Management Committee and other key governance meetings (schedule meetings, build pack, draft and issue minutes) by working with the Line Manager (LM) and Functional Manager (FM).
  • Maintain Vendor Management Group shared folder structure in accordance with Group record management policy.
  • Assist and support the team in updating the Group’s vendor database with appropriate oversight/approval with evidence on a monthly basis.
  • Support LM and FM in closing all open Audit actions as per the agreed timeline in 100% of the cases, without extensions.
  • Support ROs in presenting Outsourcer Annual Report Document at Key governance forum on a monthly basis.
  • Support vendor management ad hoc projects/tasks (not part of BAU and Change initiatives) within the timeline agreed with LM and FM.
  • Support InfoSec Team in the review of IT Security questionnaire for vendors by liaising with Relationship owners (RO), Information Security team and vendor in line with VM&O policy and Information Security policy.
  • Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations
  • Be accountable for ensuring best-in-class core vendor/supplier risk analysis of the applicable portfolio, consistent with industry-leading practices and conforming to all internal vendor procedures/policies and all related regulatory expectations.
  • Engage actively in key front-line governance routines, including strategic planning sessions, governance committees and business reviews.
  • High awareness and adherence to the control environment including Quality Assurance and Quality Control.
Experience Requirements
  • Overall experience of 8 – 10 years, preferably in Banking and Financial Services
  • At least 3-5 years of work experience in Third Party Risk Management roles and / or supply chain risk management, preferably in Banking and Financial Services
  • Experience in relationship and stakeholder management.
Knowledge Requirements
  • Experience with vendor lifecycle and/or supplier management process, including knowledge of Third Party and outsourcing regulations, is a definitive advantage.
  • Excellent record of success in supporting engagements or other problem-solving initiatives requiring coordination of cross-functional team members with varied backgrounds and skills.
  • Good understanding of information security management, Data Privacy, IT service continuity, IT disaster recovery, business continuity management, and third-party control assurance
  • Demonstrate sound understanding of risk and risk management processes and quality assurance.
  • Knowledge of current applicable regulatory requirements relevant to regulated financial institutions (FCA, PRA, ICO)
  • Proficient in PowerPoint, PowerBI, Excel, and key analytics tools (TPRM system)
  • Strong interpersonal and communication skills (both written and verbal) and ability to work collaboratively, as one team.
  • Ability to think laterally and develop new and innovative solutions to problems.
  • Ability to effectively manage competing priorities.
  • Ability to identify and implement process improvement opportunities
Required Qualifications/Certifications
  • GCSE/GCE qualifications in both maths and English are essential
  • Bachelor’s degree (graduate degree) is essential.
  • Suitable qualification in risk management or quality assurance
  • Certification or sound knowledge and understanding of continuous improvement methodologies (e.g. Lean, Six Sigma, FMEA)
Responsibilities re Information Security Management System (as per ISO 27001 Certification Requirements)
  • Ensure strict adherence to the company’s security policies and procedures (e.g. password policy, clear screen and clear desk policy, etc.)
  • Take ownership of all the assets/information assigned and secure them in compliance with the ISO 27001 standards implemented in the company.
  • Co-operate and co-ordinate with the internal audits conducted in the company (complying with the ISO 27001 standard).
  • Report to the Incident Response Manager any incidents you come across in the office relating to security threats, such as threats to physical assets and stored information, or any risks detrimental to the Security Policies of the company.
  • Supervise all personnel reporting to you to ensure that they observe all Security requirements and are appropriately trained in Security.