Third Party Risk Management - Risk Reporting

We are seeking a TPRM - Risk Reporting Specialist to support third-party risk governance and reporting activities across Technology & Operations (T&O). This role is responsible for ensuring consistent risk practices, metrics, and reporting across various risk types, supporting the bank's overall third-party risk management (TPRM) framework.

• Duration: 12 months – with a view of extension
• Location: Malaysia

• Develop and maintain a comprehensive third-party risk profile covering all risk types across T&O.
• Drive a consistent RCSA approach for TPRM, including the definition and implementation of key metrics, CSTs, KCIs, and KRIs, with alignment across countries.
• Support the end-to-end lifecycle management of third-party contracts (vendor, non-vendor, and intra-group arrangements).
• Deliver accurate and consistent risk reporting across key control areas such as Security, Resilience, Third Party, Data, and other relevant domains.
• Establish and maintain a RACI framework to support governance and clarify roles and responsibilities across T&O.
• Support the T&O Third-Party Risk Governance Forum, ensuring effective oversight, coordination, and issue management.
• Prepare and present the T&O third-party risk profile reports to relevant risk governance committees (e.g. GTPRMC, NFRC), including updates on control breaches, exceptions, and remediation actions.

• 3-5 years’ experience in risk management, operational risk, or third-party risk governance, preferably within the banking or financial services industry.
• Strong understanding of risk frameworks (RCSA, KRIs, KCIs, CSTs) and third-party lifecycle management.
• Hands‑on experience with risk reporting or governance tools (e.g., MetricStream, ServiceNow, or similar GRC platforms).
• Solid analytical, reporting, and stakeholder management skills, with attention to detail and process discipline.
• Ability to collaborate effectively across Technology, Operations, Risk, and Compliance teams.