Senior Manager Third Party Risk And Alliance Banking

To establish and lead a robust third‑party risk management framework that governs how the bank identifies, manages, and monitors risks arising from external third‑party engagements including vendors, service providers, outsourcing partners, and critical suppliers.

Ensure that third‑party relationships are strategically aligned to the bank's business objectives while maintaining strong risk controls, regulatory compliance, and operational resilience.

Act as a trusted advisor and subject‑matter expert on third‑party risk, working across Group functions and business clusters to embed risk culture, strengthen governance, and ensure that third‑party dependencies do not compromise the bank's customer commitments, data protection, or operational continuity.

Post Graduate degree in Risk Management / Finance / Law / Supply Chain / Business Administration or related qualification.

Minimum 8+ years management experience in risk management, operational risk, or third‑party risk management with demonstrated experience in implementing or managing TPRM frameworks within the banking or financial sector.

Deep understanding of end‑to‑end third‑party lifecycle management (due diligence, onboarding, monitoring, renewal, and exit).

Skilled in developing and applying TPRM frameworks, methodologies, and tools aligned to banking regulatory requirements.

Strong understanding of banking outsourcing / TPRM regulations (e.g., PRA SS2 / 21, EBA Outsourcing Guidelines, OCC, DORA, Basel, GN5).

Ability to integrate third‑party and Alliance Banking oversight into resilience planning, impact tolerance setting, and exit strategies.

Skilled in designing and interpreting KRIs, risk dashboards, and concentration risk analysis.

Ability to use data analytics to monitor vendor performance, concentration risk, and control effectiveness.

Competence in developing dashboards and management reports using TPRM systems.

Builds strong cross‑functional relationships with Procurement, Legal, Compliance, IT, and Business Units.

Manage and develop subordinate(s): performance management in terms of contracting, reviews and poor performers, training and development, employee relations.

Manage people efficiencies through leave management, headcount budget, fixed term contracts, staff movements, secondments, staff utilisation.

Take appropriate disciplinary measures as required.

Facilitate induction of new staff within one month of joining the organisation.

Assist to design, maintain, and continuously improve the bank's enterprise‑wide TPRM framework, ensuring it aligns with regulatory requirements, industry best practice, and internal risk appetite.

Define clear risk taxonomy and classification for third‑party relationships (critical, high‑risk, material outsourcing, non‑material).

Ensure alignment with regulatory requirements (e.g., Basel, Prudential Authority, SARB, POPIA, and global outsourcing standards).

Establish governance mechanisms, risk appetite statements, and escalation processes for third‑party engagements.

Provide independent second line reviews, sign‑off, or challenge before contracts are signed with material vendors and Alliance partners.

Translate the bank's enterprise risk appetite into specific limits and tolerances for third‑party risk (e.g., acceptable dependency levels, concentration thresholds, resilience requirements).

Develop, maintain, and continuously refine a risk assessment methodology that evaluates third parties across multiple risk domains.

Provide independent challenge to first line functions (procurement, vendor management, IT, business units) on third‑party risk assessments and monitoring.

Drive adoption of risk‑based tiering of third parties (critical, high, medium, low).

Evaluate vendor concentration risk and dependency exposure.

Monitor concentration risks across critical vendors, geographies and services.

Ensure transparent reporting of issues, breaches and regulatory findings.

Provide second line oversight of vendor‑related incidents, disruptions or breaches (e.g., data breaches, cyber‑attacks, service outages).

Escalate systemic or material third‑party risk issues to senior governance committees.

Design and maintain a Third‑Party Incident Management Framework aligned to the bank's enterprise incident and operational risk policies.

Define clear criteria for incident classification (e.g., minor, significant, or material) based on impact on operations, customers, financial loss or regulatory exposure.

Monitor systemic or concentration risks arising from third parties.

Establish communication channels and escalation procedures for business owners and service providers to immediately report third‑party incidents or control failures.

Lead or coordinate cross‑functional investigations into the cause and impact of third‑party incidents.

Report vendor incidents, near‑misses or breaches to senior management, highlighting root causes, remediation plans and potential business impact.

Ensure that lessons learned from incidents are captured and communicated for continuous improvement.

Provide training and guidance on risk identification, control execution and reporting responsibilities.

Prepare and present periodic Third Party Risk Reports for submission and summarise material vendor risks, concentration risks and resilience gaps in a clear, actionable format for senior decision‑makers.

Highlight emerging trends, regulatory developments and systemic vulnerabilities in the third‑party landscape.

Develop and maintain interactive dashboards that provide visibility of third‑party inventory and criticality tiering.

Key Risk Indicators (KRIs) and performance metrics (SLAs, breaches, overdue remediations).

Ensure reporting aligns with the risk appetite and tolerance levels, flagging areas where thresholds are breached or at risk of breach.

Maintain a robust audit trail of risk reporting, including supporting evidence and follow‑up actions for regulatory review.

Act as a trusted advisor to business unit leaders on third‑party risk exposure and mitigation strategies.

Engage with third parties to clarify risk expectations, compliance requirements and performance standards.

Partner closely with Procurement to align supplier onboarding, due diligence and contracting practices with the TPRM framework.

Work with Legal to ensure that third‑party contracts contain adequate risk clauses, SLAs, exit provisions and data protection requirements.

Collaborate with Internal Audit during independent assurance reviews.

Support audits by providing comprehensive evidence of TPRM processes, governance structures and remediation follow‑ups.

Provide evidence and assurance that the bank's TPRM practices meet regulatory expectations and industry best practices.

Lead internal awareness and capability‑building sessions on third‑party risk governance.

Mid‑Senior level

Full‑time

Finance

Banking