Third-Party Risk Management (TPRM)

Company: Network For Electronic Transfers (S)

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain.

The Group operates Singapore’s national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

Lead the full Third-Party Risk Management (TPRM) lifecycle including onboarding, due diligence, contract/SLA review, performance monitoring.

• Conduct comprehensive risk assessments to identify, evaluate, and mitigate regulatory, operational, financial, and reputational risks for both external suppliers and intragroup service providers supporting Singapore and other regional entities
• Ensure compliance with MAS Guidelines on Outsourcing, Technology Risk Management (TRM) Guidelines, and other local regulatory expectations, while supporting global alignment of frameworks, policies, and the Group’s Register of Outsourced and Third-Party Arrangements
• Monitor supplier and intragroup service performance, SLAs, and risk metrics; elevate issues and enforce remediation plans; ensure contracts and service agreements include adequate security, audit, incident reporting, exit, and business continuity provisions in line with MAS expectations
• Partner with Legal, Compliance, Sec ops, Procurement, and business owners to strengthen governance over third parties and service providers, ensuring regulatory obligations are met.
• Provide management, risk committees, and governance with actionable reporting on risk trends, remediation progress, and emerging third-party and risk
• Support the implementation and continuous improvement of TPRM automation/workflow platforms (e.g., Audit), ensuring data-driven risk reporting and process efficiency
• Maintain and update the outsourcing register in accordance with MAS requirements, ensuring it is audit-ready and accessible for regulatory review

5 years’ experience in third-party risk, outsourcing risk, operational risk, or compliance/assurance within financial services, fintech, or other regulated environments

• Demonstrated hands‑on involvement in the full TPRM lifecycle (onboarding, due diligence, contract/SLA review, monitoring, and exit)
• Familiarity with, or direct experience applying, regional regulatory requirements in Singapore - particularly MAS Guidelines on Outsourcing, Technology Risk Management (TRM), and related expectations for third-party and cloud service providers
• Strong understanding of vendor contract requirements (security, audit, incident reporting, exit strategy) and ability to drive contract remediation initiatives
• Experience using TPRM automation/workflow platforms and producing data‑driven risk reporting
• Excellent communication and stakeholder management skills, with the ability to build credibility and influence across the group.

Network for Electronic Transfers (Singapore) Pte Ltd.