Outsourcing & Third-Party Risk Manager

Responsibilities

Governance and Oversight

Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.

Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.

Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.

Oversight of Outsourced and Third-Party Arrangements

Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.

Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.

Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.

Risk Management & Operational Resilience

Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.

Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.

Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.

Cross-Functional Collaboration

Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.

Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.

Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement.

Monitoring, Assurance & Reporting

Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.

Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.

Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.

Regulatory Engagement

Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.

Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.

Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.

Requirements

+5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;

Proven experience designing or managing a group-wide outsourcing / third-party risk framework;

Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));

Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;

Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);

Experience working across multiple jurisdictions and advising senior stakeholders;

Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;

Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.