Outsourcing & Third-Party Risk Manager

Governance and Oversight

• Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.

• Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.

• Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.




Oversight of Outsourced and Third-Party Arrangements

• Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.

• Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.

• Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.




Risk Management & Operational Resilience

• Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.

• Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.

• Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.




Cross-Functional Collaboration

• Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.

• Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.

• Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement. 




Monitoring, Assurance & Reporting 

• Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.

• Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.

• Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.




Regulatory Engagement 

• Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.

• Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.

• Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.

• +5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;

• Proven experience designing or managing a group-wide outsourcing / third-party risk framework;

• Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));

• Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;

• Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);

• Experience working across multiple jurisdictions and advising senior stakeholders;

• Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;

• Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.