Senior Manager Third Party Risk and Alliance Banking

Purpose of the Job:To establish and lead a robust third-party risk management framework that governs how the bank identifies, manages, and monitors risks arising from external third-party engagements including vendors, service providers, outsourcing partners, and critical suppliers. Ensure that third-party relationships are strategically aligned to the bank’s business objectives while maintaining strong risk controls, regulatory compliance, and operational resilience.Act as a trusted advisor and subject matter expert on third-party risk, working across Group functions and business clusters to embed risk culture, strengthen governance, and ensure that third-party dependencies do not compromise the bank’s customer commitments, data protection, or operational continuityMinimum Education and Experience:Post Graduate degree Risk Management/ Finance/ Law/ Supply Chain/ Business Administration or related qualificationMinimum 8+ years management experience in risk management, operational risk, or third-party risk management with demonstrated experience in implementing or managing TPRM frameworks within the banking or financial sectorDeep understanding of end-to-end third-party lifecycle management (due diligence, onboarding, monitoring, renewal, and exit)Skilled in developing and applying TPRM frameworks, methodologies, and tools aligned to banking regulatory requirements.Strong understanding of banking outsourcing/TPRM regulations (e.g., PRA SS2/21, EBA Outsourcing Guidelines, OCC 2013-29, DORA, Basel, GN5)Ability to integrate third-party and Alliance Banking oversight into resilience planning, impact tolerance setting, and exit strategiesSkilled in designing and interpreting KRIs, risk dashboards, and concentration risk analysisAbility to use data analytics to monitor vendor performance, concentration risk, and control effectivenessCompetence in developing dashboards and management reports using TPRM systemsBuilds strong cross-functional relationships with Procurement, Legal, Compliance, IT, and Business Units Role Responsibilities: Management of ResourcesManage and develop subordinate(s): Performance management in terms of contracting, reviews and poor performers, Training and development, Employee relationsManage people efficiencies through leave management, headcount budget, fixed term contracts, staff movements, secondments, staff utilizationTake appropriate disciplinary measures as requiredFacilitate induction of new staff within one month of joining the organization Third Party Risk GovernanceAssist to design, maintain, and continuously improve the bank’s enterprise-wide TPRM framework, ensuring it aligns with regulatory requirements, industry best practice, and internal risk appetiteDefine clear risk taxonomy and classification for third-party relationships (critical, high-risk, material outsourcing, non-material)Ensure alignment with regulatory requirements (e.g., Basel, Prudential Authority, SARB, POPIA, and global outsourcing standards).Establish governance mechanisms, risk appetite statements, and escalation processes for third-party engagements.Provide independent second line reviews, sign-off, or challenge before contracts are signed with material vendors and Alliance partners.Translate the bank’s enterprise risk appetite into specific limits and tolerances for third-party risk (e.g., acceptable dependency levels, concentration thresholds, resilience requirements)Risk Identification & AssessmentDevelop, maintain, and continuously refine a risk assessment methodology that evaluates third parties across multiple risk domainsProvide independent challenge to first line functions (procurement, vendor management, IT, business units) on third-party risk assessments and monitoringDrive adoption of risk-based tiering of third parties (critical, high, medium, low)Evaluate vendor concentration risk and dependency exposureMonitor concentration risks across critical vendors, geographies, and servicesEnsure transparent reporting of issues, breaches, and regulatory findingsProvide second line oversight of vendor-related incidents, disruptions, or breaches (e.g., data breaches, cyber-attacks, service outages)Challenge root cause analysis and track remediation actionsEscalate systemic or material third-party risk issues to senior governance committeesIncident and Issue ManagementDesign and maintain a Third-Party Incident Management Framework aligned to the bank’s enterprise incident and operational risk policiesDefine clear criteria for incident classification (e.g., minor, significant, or material) based on impact on operations, customers, financial loss, or regulatory exposureMonitor systemic or concentration risks arising from third partiesEstablish communication channels and escalation procedures for business owners and service providers to immediately report third-party incidents or control failuresLead or coordinate cross-functional investigations into the cause and impact of third-party incidentsReport vendor incidents, near-misses, or breaches to senior management, highlighting root causes, remediation plans, and potential business impactEnsure that lessons learned from incidents are captured and communicated for continuous improvementProvide training and guidance on risk identification, control execution, and reporting responsibilitiesReporting Prepare and present periodic Third Party Risk Reports for submission and summarize material vendor risks, concentration risks, and resilience gaps in a clear, actionable format for senior decision-makersHighlight emerging trends, regulatory developments, and systemic vulnerabilities in the third-party landscapeDevelop and maintain interactive dashboards that provide visibility of:Third-party inventory and criticality tiering.Risk assessment outcomes and trendsKey Risk Indicators (KRIs) and performance metrics (SLAs, breaches, overdue remediations)Ensure reporting aligns with the risk appetite and tolerance levels, flagging areas where thresholds are breached or at risk of breachMaintain a robust audit trail of risk reporting, including supporting evidence and follow-up actions for regulatory reviewStakeholder EngagementAct as a trusted advisor to business unit leaders on third-party risk exposure and mitigation strategiesEngage with third parties to clarify risk expectations, compliance requirements, and performance standardsPartner closely with Procurement to align supplier onboarding, due diligence, and contracting practices with the TPRM framework Work with Legal to ensure that third-party contracts contain adequate risk clauses, SLAs, exit provisions, and data protection requirementsCollaborate with Internal Audit during independent assurance reviewsSupport audits by providing comprehensive evidence of TPRM processes, governance structures, and remediation follow-upsProvide evidence and assurance that the bank’s TPRM practices meet regulatory expectations and industry best practicesLead internal awareness and capability-building sessions on third-party risk governance