We are looking for a
Senior Third Party Risk Manager / IT Outsourcing Manager
(unlimited, full-time) Join our team at our location in Berlin, Münster, Amsterdam, Heerenveen or Verl – flexible working conditions available
to build the next generation fintech.
Riverty is looking for a Senior ICT-Third Party Risk Manager to join our expanding CISO team in our regulated payment institute. This role supports the Assurance Lead in conducting internal and external audits with crucial ICT vendors, while also assisting in maintaining partnerships to ensure performance and regulatory compliance.
What will be the challenge:
- Third Party Risk Management: Take a senior role in scheduling and conducting audits and assessments on our ICT vendors, ensuring compliance with DORA and other regulatory standards. Manage Riverty’s risks related to the ICT outsourcing, ensuring thorough coverage and adherence to resilience-related requirements.
- Vendor Management: Drive collaboration with internal and external vendors to align their services with Riverty’s regulatory needs. Ensure that ICT vendors comply with contractual obligations and facilitate regular performance discussions. Consistently monitor and assess vendor performance against established service levels and key performance indicators (KPIs) to ensure optimal service delivery.
- Contract Management: Collaborate closely with Corporate Legal to standardize our contractual frameworks. Collaborate in drafting and negotiation of contracts with new ICT vendors, ensuring compliance with organizational standards and regulatory requirements.
- Performance Management: Track and evaluate vendor performance regularly, while also monitoring costs to ensure that services are cost-effective and within budget. Additionally, provide regular reports to relevant stakeholders, summarizing performance metrics to facilitate informed decision-making.
- Risk Management: Leverage insights gained from assurance and vendor management to enhance Riverty’s enterprise risk management framework. Oversee third-party risk management initiatives, ensuring that all risks are identified, assessed, and mitigated effectively.
What you need to succeed in the role:
- Extensive experience in resilience-related domains (e. g. third party risk management, information security incl. business continuity as well as IT security or IT Governance)
- Strong experience in vendor management and assessments as well as performance management in the area of ICT outsourcing
- Familiarity with the regulatory landscape of a payment institute and experience in contract negotiation is a plus.
- Bachelor’s or Master’s degree in Information Security, IT Security, Business information systems, law, Business Administration or a related field. Relevant certifications (e.g., CISA, CISM, or equivalent) are a plus.
- Strong analytical and problem-solving skills
- You are fluent in English and German
- Proven ability to work effectively in a fast-paced, complex, and dynamic environment