Job Summary:
We are seeking a highly skilled and experienced Third-Party Risk Deputy-Manager to manage processes across the UK and US businesses. The successful candidate will be responsible for managing the risks associated with engaging clients, third-party vendors, suppliers, contractors, and service providers. They will play a key role in ensuring the integrity, security, and compliance of our third-party relationships. The Third-Party Risk Manager role requires a combination of strong analytical skills, risk management expertise, regulatory knowledge, and effective communication abilities.

Technical Skill Requirements:
Expertise in Third Party Risk Assessment Reporting, e.g., SOC 1, SOC 2, IT internal audit, Information Security/cybersecurity, IT SOX, IFC.
Experience in implementing a Third Party Risk Management framework.
Relevant expertise in GDPR requirements, data privacy and protection, ISO control, NIST Standards.
Experience in performing vendor risk assessment, due diligence, vendor evaluations, control testing, IT / infosec risk assessments, network security, infrastructure assessments.
Understanding of GAAP, GAAS, COSO and Sarbanes-Oxley.

Key Responsibilities:
Risk Assessment: Conducting and responding to comprehensive risk assessments of potential third-party vendors before engaging them. Forming TPRM process document and evaluation checklists. This involves evaluating factors such as financial stability, regulatory compliance, security protocols, and overall reputation.
Timely Supplier and Client onboarding to ensure the integration into Aptia’s business ecosystem while ensuring that the supplier meets our requirements, standards, and expectations.
Contract Review: Collaborating with the US and UK legal teams to review and negotiate contracts with third-party vendors, ensuring that they include adequate provisions for risk mitigation, compliance, data security, and performance standards.
Monitoring & Oversight: Implementing processes and systems to continuously monitor third-party vendors throughout the duration of their engagement. This includes tracking performance metrics, compliance with contractual obligations, and any changes in their risk profile.
Risk Mitigation Strategies: Developing and implementing strategies to mitigate identified risks associated with third-party relationships. This may involve implementing additional security measures, diversifying vendor portfolios, or establishing contingency plans.
Regulatory Compliance: Ensuring that all third-party relationships comply with relevant laws, regulations, and industry standards, such as GDPR, HIPAA, or PCI DSS. Staying abreast of regulatory developments and updating processes accordingly.
Communication & Reporting: Regularly communicating with internal stakeholders, including senior management and board members, regarding the status of third-party relationships and associated risks. Providing comprehensive reports and recommendations for decision-making.
Incident Response: Coordinating responses to any incidents or breaches involving third-party vendors, including conducting investigations, assessing the impact, and implementing corrective actions to prevent recurrence.
Vendor Relationship Management: Building and maintaining strong relationships with clients and third-party vendors based on transparency, communication, and mutual trust. This includes conducting regular meetings, performance reviews, and addressing any concerns or issues promptly.

Qualifications & Skills:
Bachelor’s degree in business, finance, information technology, or a related field. Master's degree or relevant certifications (e.g., CRISC, CTPRP, CTPRA) preferred.
Proven experience in third-party risk management, vendor management, or a related field, preferably in a regulated industry.
Strong understanding of risk management principles, regulatory requirements, and industry best practices related to third-party relationships.
Excellent analytical, problem-solving, and decision-making skills, with the ability to assess and prioritize risks effectively.
Exceptional communication and interpersonal skills, with the ability to collaborate cross-functionally and influence stakeholders at all levels of the organization.
Proficiency in using risk management tools and technologies, as well as Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).

Required Qualification: MBA, CA, CA (Inter), ICWA, Any Graduate
Certification: CTPRP, IRM (Level 1, 2 & 3), CISA, CISSP, ISO, NIST
Job Title
Third Party Risk Deputy Manager