Global Third Party Risk Analyst

Boku Inc. (BOKU.L) is the leading global provider of local mobile-first payments solutions. Global brands including Amazon, DAZN, Meta, Google, Microsoft, Netflix, Sony, Spotify, and Tencent rely on Boku to reach millions of new paying consumers who do not use credit cards with our purpose-built payment network of more than 300 local payment methods across 70+ countries. Every year, Boku processes over $10 billion in value for our customers. Incorporated in 2008, Boku is headquartered in London and San Francisco and has employees in over 39 countries around the world, including Brazil, China, Estonia, Germany, Ireland, Japan, Singapore, and the UAE. Boku is a truly global company that takes pride in its diversity and thriving equal opportunity workplace.

Responsible for supporting the Operational Resilience Manager with the optimisation and ongoing management of all aspects of the Outsourcing / Vendor Management Lifecycle for several Boku entities. The successful candidate will be able to independently oversee Outsourcing / Vendor Management activities and support the continued improvement of the company’s Outsourcing / Vendor Management Framework in a regulated financial services environment.

Role Qualification:

• 5+ years works experience, preferably in a regulated financial services or payments environment.
• Relevant industry experience in four or more of the following areas:
  • Third-Party Risk Management
  • Contract Management
  • Procurement
  • Business Continuity Management / Disaster Recovery
  • Incident / Crisis Management
  • Testing of Response and Recovery Plans and Procedures
  • Information Security / Cybersecurity
• Professional qualifications in any of these areas will be advantageous.

Key Responsibilities:

The Role will require supporting the Operational Resilience Manager and specific tasks will be assigned which may include the following responsibilities:

• Lead the development and ongoing enhancement of the global Third-Party Risk Management framework and supporting policies / procedures in line with international regulations (e.g. DORA and EBA Outsourcing Guidelines) and industry best practices.
• Work with SMEs and Contract Owners to oversee the end-to-end outsourcing lifecycle including the criticality assessment, initial Due Diligence, Risk Assessments / Business Impact Assessments, contractual reviews, regulatory reporting and ongoing performance monitoring.
• Categorise and tier OSPs / vendors based on risk level and oversee / execute BIAs to determine which are most critical and subject to more robust governance and risk assessments.
• Work with SMEs and Contract Owners to assess controls related to information security, data privacy, business continuity, financial resilience, and regulatory compliance.
• Maintain a centralised third-party inventory (for Register of Information / Outsourcing Register Reporting) and ensure accurate and effective management related to contracts, assessments, and reviews.
• Maintain library of documents provided by Vendors / OSPs as part of Due Diligence and Risk Assessment Process.
• Support the development Outsourcing Committee presentations to communicate plans and report on progress.
• Stay abreast of regulatory changes impacting third-party and outsourcing risk, advising leadership as needed to enable compliance with relevant frameworks and laws, including DORA, EBA, FCA, GDPR, and other jurisdictional guidelines.
• Ensure robust exit and transition plans are in place for critical outsourced services and functions and ensure appropriate testing of these.
• Lead correspondence with third parties where required to meet regulatory obligations such as testing, audits and inspections.
• Participation in the internal / external audits and inspections as required.
• Assessing and evaluating new technology solutions to support more effective and optimised management of the outsourcing Lifecycle.

Required Skills and Competencies

• Proven experience (5+ years) in third-party / vendor risk management in a regulated financial services environment.
• In-depth understanding of regulatory compliance requirements (e.g., DORA, EBA outsourcing guidelines, FCA Handbook, GDPR etc.).
• Demonstrated experience building or managing a third-party risk framework in a global, cross-functional environment.
• Strong stakeholder management skills with experience engaging senior leadership and reporting to Regulatory Bodies.
• Knowledge of third-party / vendor risk management best practices and frameworks.
• Excellent analytical, communication, and report-writing skills.
• Legal or procurement experience related to outsourcing or vendor contracts.
• Strong written and verbal communications skills to articulate complex concepts in simple terms.
• Ability to facilitate workshops to ensure meaningful and influential discussions.
• Strong attention to detail.
• Strong time management skills and ability to meet tight deadlines.
• Results focused and able to see deliverables through to completion.
• Willing to learn and take on responsibility.
• Knowledge of Operational Risk Management and/or Business Continuity Management (Preferred).

#J-18808-Ljbffr