Vice President, IT Third Party Risk & Portfolio Management (Job ID:10076240)

Job Responsibilities:

The Vice President, IT Third Party Risk Management (“TPRM”) is a senior leadership role responsible for leading the IT TPRM team and overseeing the end-to-end IT third-party risk management framework across the System Office of Asia (ASO). The role supports ASO in executing robust, consistent, and compliant IT TPRM processes covering the full lifecycle of IT third parties.

In addition, this role acts as the IT Third Party Portfolio Lead for ASO, responsible for managing, coordinating, and overseeing the overall portfolio of IT-related third parties. The VP ensures strong governance, risk transparency, regulatory alignment, and effective oversight across all IT vendors, service providers, and outsourcing arrangements.

The role also partners closely with regional and local stakeholders across IT, Risk, Compliance, Information Security, Legal, Procurement, and Business teams to enable secure and resilient third-party engagements while supporting business objectives.

Third Party Risk Management (TPRM) – IT Focus

• Support the leadership and execution of the IT Third Party Risk Management framework for ASO, ensuring alignment with internal policies, ASO standards, and applicable regulatory expectations.

• Oversee the end-to-end IT third party lifecycle, including onboarding, due diligence, risk assessment, outsourcing classification, ongoing monitoring, issue management, remediation tracking, and offboarding.

• Ensure consistent application of IT TPRM processes across ASO branches, including coordination with the team members.

• Partner with Risk, Compliance, Information Security, Data Privacy, Legal, and Internal Audit to identify, assess, and mitigate IT third-party risks.

• Drive enhancements to IT TPRM methodologies, tools, templates, metrics, and governance processes.

• Provide management-level reporting on IT third party risk posture, key risk themes, emerging risks, and remediation status.

IT Third Party Portfolio Management

• Act as the IT Third Party Portfolio Lead for ASO, maintaining oversight of all IT-related vendors, service providers, and outsourcing arrangements.

• Establish and maintain a consolidated view of the IT third-party portfolio, including risk profiles, criticality, concentration risk, and dependency.

• Coordinate with IT, Procurement, and business stakeholders to ensure appropriate governance, accountability, and ownership for each IT third party.

• Monitor third party performance, resilience, and risk trends, and escalate material risks, issues, or control gaps to senior management.

• Support strategic decision-making related to IT vendor rationalization, outsourcing strategy, and risk appetite

Policy, Procedures, Risk & Controls

• Ensure IT TPRM activities comply with local regulatory requirements, outsourcing guidelines, and internal governance expectations across ASO jurisdictions.

• Support regulatory examinations, internal audits, and management reviews by providing clear documentation, responses, and evidence.

• Contribute to the development, maintenance, and periodic review of IT TPRM policies, standards, procedures, risk assessments and guidelines.

• Track regulatory developments related to IT outsourcing and third-party risk, and translate them into actionable governance enhancements.

Leadership & Stakeholder Management

• Help lead and oversee the ASO IT TPRM team, including Assistant Vice Presidents based in Singapore and Bangalore, India.

• Act as a trusted advisor to senior IT and risk leadership on IT third-party risk, outsourcing, and vendor governance matters.

• Drive collaboration across regional and local teams to ensure consistency, efficiency, and clear ownership.

• Support regional or global initiatives related to IT outsourcing governance, third party risk transformation, and operating model enhancements.

Required Experience & Qualifications

• 10 years of experience in third‑party risk management, procurement operations, operational risk, or related governance functions.

• Experience managing Third Party Risk Management programs in Singapore, including experience with MAS regulatory expectations.

• Experience in performing IT/Cyber related risk assessments, including policy and procedure management, vendor governance, and operational controls.

• Experience working in a regulated financial services or large multinational environment preferred.

• Demonstrated ability to operate at VP / senior leadership level, influencing executives and managing complex stakeholders.

• Certified with IT security certifications (CISSP, CISM, CISA) will be an advantage

• Deep expertise in Third Party Risk Management frameworks

• Strong understanding of Singapore regulatory and compliance requirements

• Proven IT risks and controls knowledge & experience

• Policy and procedure design, implementation, and maintenance

• Executive communication and stakeholder management

• Strategic thinking with strong attention to operational detail

• Leadership, coaching, and team development

We regret to inform that only shortlisted applicants will be notified.
(Job ID:10076240)