Senior Risk Manager - Third Party Risk

General Job Title: Senior Risk Manager – Third Party Risk

Division: General Management – Risk & Compliance

Reports To: Head of Operational Risk

Key Relationships:

• First line internal stakeholders include Procurement and Vendor Management, IT, Data, Underwriters and Claims Managers.
• Second and third line stakeholders include the Risk Management team (Insurance Risk and Enterprise Risk Management team members), Risk Management Senior Leadership Team, Chief Risk Officer and wider team members of second and third line functions (Compliance and Internal Audit).

Job Summary:

The role supports the Head of Operational Risk in the oversight and management of operational risk matters across the group, with a particular focus on third party risk activities. It is also responsible for providing independent second-line oversight, challenge, and assurance over the organisation’s management of risks, including those arising from third parties, outsourced services, and strategic suppliers. The role has primary responsibility for the management of operational risks across a number of business areas, including Delegated Authority, Facilities Management and Talent Management. It also has a particular focus on the design, maintenance, and oversight of the group’s third party risk management framework, ensuring that third party risks are identified, assessed, monitored, and managed in line with the firm’s risk appetite, regulatory requirements, and operational resilience objectives.

Key Responsibilities:

• Provide independent oversight and effective challenge to first-line operational risk activities.
• Review, challenge and contribute to the Third Party Risk Management (TPRM) framework, policies and standards.
• Support the Head of Operational Risk in facilitating regular Risk & Control Self Assessments (RCSAs) with first line risk owners and stakeholders, ensuring the assessments are performed and documented accordingly.
• Oversee the management of delegated authority risk within Underwriting, Claims and Operations as part of the TPRM framework.
• Ensure consistent risk tiering and materiality assessments for all third parties.
• Review and challenge residual risk assessments, risk acceptances, and exceptions related to Operational Risk.
• Oversee integration of Third Party Risk into operational resilience, technology, cyber, and data frameworks.
• Support the implementation and maintenance of a robust control environment with clear ownership and accountability within the business, ensuring control documentation remains accurate and current.
• Develop and monitor key risk indicators (KRIs) and support risk appetite monitoring and management.
• Work collaboratively with 1st Line and Risk domain teams, supporting the embedding of the Operational Risk and TPRM framework into the organisation and across the 3 Lines of Defence model.
• Act as the appropriate liaison across the 3 Lines of Defence model, including 1st Line colleagues, Risk Owners, Compliance and Internal Audit functions, Operational Resilience, and risk domains including Information Security and Sustainability.

Risk Oversight and Reporting:

• Provide review, credible challenge and 2nd Line insights over 1st Line decision-focused risk reporting, dashboards, and actively participate in any thematic deep dives, with particular focus on Third Party and broader risk areas.
• Provide independent risk opinions on emerging operational risk themes.
• Investigate and report operational risk incidents, ensuring lessons learned are captured and implemented.
• Support ORSA, scenario testing, and stress testing, in particular where Third Party dependencies are classed as material.
• Identify systemic risks and concentration vulnerabilities related to TPRM.
• Challenge the quality, completeness, and relevance of first-line reporting and MI, ensuring they support effective risk management and align with risk appetite.

Regulatory and Governance Responsibilities:

• Support compliance with regulatory expectations relating to third party, outsourcing and broader operational risks.
• Act as a second-line point of contact for regulators and Internal Audit.
• Ensure clear governance, escalation, and documentation of third-party risk decisions.
• Promote clear governance and accountability across the first line.
• Promote a culture of good conduct within the Operational Risk team by demonstrating and communicating the expected levels of behaviour and integrity.

General:

It is important that within all your interactions both internally and externally you adhere Beazley’s core values - Being Bold, Striving for Better, and Doing the Right Thing as they contribute to an internal environment of teamwork and promote a positive brand image and experience to our external customers.

Comply with Beazley procedures, policies and regulations including the code of conduct. Undertake training on Beazley policies and procedures as delivered by your line manager, the People & Sustainability or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system. Display business ethics that uphold the interests of all our customers. Ensure all interactions with customers are focused on delivering a fair outcome, including having the right products for their needs. Comply with any specific responsibilities necessary for your role as outlined by your line manager, the People & Sustainability or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas. This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management. Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include membership of any Beazley committees or working groups.

Personal Specification:

Essential Criteria:

• Degree level educated or an equivalent combination of education training and experience with third-party frameworks and industry standards; and/or relevant professional qualification (e.g., IRM International Certificate in Operational Risk, Practitioner Certificate in Information Management, etc.).
• Proven third party risk expertise, preferably with knowledge of relevant standards such as ISO 27001, ISO 22301, NIST, and COBIT.
• A strong understanding of the Lloyd’s or wider company insurance market and frameworks is preferable.
• Knowledge and experience of risk management frameworks and tools.

Knowledge, Experience and Skills:

• Demonstrate effective understanding of relevant TPRM regulations for a global organisation operating across the UK, EU, US and Asia.
• Understanding of the commercial drivers and dynamics affecting risk decisions in the insurance sector, as well as operational and risk processes found within an international insurance group.
• Ability to build strong partnering relationships with a wide range of stakeholders, in particular the 1st Line TPRM team.
• Ability to interact professionally and with credibility and manage expectations of management and key stakeholders.
• Ability to manage time, meet deadlines and prioritise.
• Able to communicate effectively with others.
• Ability to build and track remediation plans where deficiencies are identified.
• Proficiency in Microsoft 365 apps.
• Experience of working in a global and fast paced business environment is essential.
• Experience of Committee and Board reporting.

Aptitude and Disposition:

• Application of risk-based judgement.
• Influencing and trusted advisor.
• Flexible.
• Energetic, enthusiastic and positive.
• Team player.
• Self-motivated with the ability to work autonomously.
• Proactive.
• Strong prioritisation skills; ability to meet deadlines and manage stakeholders’ expectations.
• Highest degree of integrity / discretion.
• Strong written and verbal communication skills.
• Analytical.
• Attention to detail, with ability to see bigger picture.
• Ability to challenge, negotiate with, influence and persuade both internal and external parties.