Director of Group Third Party Risk

Requirements

• Significant experience in third party risk management, outsourcing risk, or operational risk within a regulated financial services or large‑scale technology environment
• Strong understanding of third party risk frameworks, lifecycle management, and regulatory expectations
• Proven experience embedding third party risk controls into technology delivery and operational processes
• Demonstrated ability to engage and influence senior stakeholders within a first line ownership model
• Experience leading teams and operating effectively within a matrixed organisation
• (Desirable) Experience operating within a large financial services enterprise with global third party arrangements
• (Desirable) Exposure to cross‑border outsourcing and global supplier landscapes
• (Desirable) Understanding of dependencies between third party risk, operational resilience, data protection, and technology risk
• Senior‑level stakeholder engagement and influence
• Strong ownership and accountability mindset
• Pragmatic, delivery‑oriented approach to risk management
• Ability to balance business enablement with robust risk and control discipline
• Clear and confident communication at executive and governance levels

What the job involves

• The Director, Group Third Party Risk Management – First Line Risk & Control is accountable for the ownership, implementation, and effective operation of the firm’s third party risk management (TPRM) framework across the group
• Operating as a senior first line leader, the role ensures that risks arising from third parties — including outsourcing arrangements, suppliers, vendors, non‑supplier third parties, and strategic partners — are identified, assessed, managed, and monitored throughout the full third party lifecycle
• The role acts as the primary first line owner of the group third party risk framework, working in close partnership with business leaders, business‑aligned third party management officers, Procurement, Legal, Information Security, Operational Resilience, Data Privacy, and enterprise First Line GRC teams
• The role also provides leadership to the first line third party risk community, embedding a strong risk culture, clear accountability, and consistent practices aligned to enterprise expectations
• First Line Ownership of Third Party Risk:
• Own group‑level oversight of third party risks, ensuring risks are identified, assessed, mitigated, and monitored in line with firm standards and regulatory expectations
• Accountable for the effective implementation and embedding of the firm’s third party risk management framework, policies, and standards across the group
• Ensure third party risk considerations are integrated into business decision‑making, technology delivery, and change activity
• Act as the accountable first line owner for group third party risk controls, issues, and remediation actions, providing subject matter expertise to business teams
• Third Party Lifecycle Management:
• Ensure robust third party risk assessments are completed at onboarding, renewal, material change, and exit stages
• Oversee due diligence activities covering financial, operational, technology, cyber, data, privacy, resilience, and regulatory risk domains
• Ensure contractual risk requirements are defined, implemented, and monitored in partnership with Procurement and Legal
• Maintain oversight of material and high‑risk third parties, including concentration, dependency, and substitutability risks
• Governance, Monitoring and Reporting:
• Chair and contribute to relevant first line governance forums covering third party and outsourcing risk
• Define and maintain group‑level third party risk metrics, key risk indicators, and management information, ensuring accuracy and transparency
• Oversee ongoing monitoring, performance management, and issue remediation for critical and high‑risk third parties
• Ensure timely escalation of material third party incidents, breaches, or control failures to senior management and appropriate governance committees
• Stakeholder Engagement and Business Enablement:
• Act as the senior first line risk partner to technology and business stakeholders on third party risk matters
• Work closely with Procurement, Legal, Information Security, Data Privacy, Operational Resilience, and Enterprise Risk teams to ensure joined‑up risk management
• Support regulatory engagements, audits, and internal assurance activity relating to third party and outsourcing risk
• Drive awareness, ownership, and accountability for third party risk management across delivery and operational teams
• Leadership:
• Build and lead a high‑performing third party risk team aligned to the First Line GRC operating model
• Set clear objectives, performance expectations, and development plans aligned to enterprise priorities
• Act as a role model for effective first line risk ownership and pragmatic risk management