Work with the 2nd Line of Defence to develop policy-compliant Third Party Risk Management requirements for Suppliers. The process will cover the end-to-end Third Party Risk Management Lifecycle and drive the requirements for the development and implementation of the global technology solution (Archer) being deployed by the 1st Line of Defence.
During 2017 and 2018, Procurement will create a core service around Third Party Management (TPM) which includes Third Party Risk Management, Contract Lifecycle Management and Supplier Performance and Relationship Management. This will be supported by an offshore utility (the Global Third Party Utility GTP-U) and one common technology platform (Archer).
The existing Supplied Services team will be used as the nucleus of Utility to create a 1st line centralised hub of expertise around all aspects of third party management. This Service will significantly increase the bank's awareness, visibility, management capability and control of, bank-wide, third party management.
Observation of Internal Controls (Compliance Policy / FIM requirements)
This Service will make the 1st line compliant with the new TPRM Policy and Framework (Dec '16) and significantly increase the bank's awareness, visibility, management capability and control of third parties.
- Undertake gap analysis of existing approaches in the Bank to assess Inherent and Residual Risk
- Support the development of one set of requirements globally for assessing Inherent and Residual Risk
- Help agree requirements for Inherent and Residual Risk with risk stewards
- Obtain approval of requirements from 2LOD
- Design and agree risk scoring
- Identify global due diligence requirements
- Establish ongoing monitoring and assurance requirements
- Agree Key Indicators (KIs) and reporting
Technical Skill Requirements
- Supplier Risk
- Cyber Risk
- Business Conitnuity Risk
- Operational Risk Management
- Monitoring and assurance
Personal Skill Requirements
- Stakeholder Mangement
- Third Party Risk Management
- Working for global organisations
- Banking experience preferable
- Min 10 years risk management experience
Experience with Archer or KYP3 would also be great