Third‑Party Risk Management Specialist

Coordinate the risk assessment process for outsourced activities, including:

• collecting and analyzing information from 1LOD and suppliers;
• evaluating supplier-related risks and the mitigation measures implemented.

Define and update the control framework and monitoring indicators, including:

• defining and reviewing risk controls for outsourced activities;
• establishing and validating KPIs, KRIs, and associated tolerance levels.

Monitor activities carried out by the 1st Line of Defence in the area of Third-Party & ICT Risk:

• reviewing documentation and due-diligence activities;
• monitoring the performance and compliance of critical and non-critical ICT suppliers;
• promptly identifying deviations and recommending corrective actions.

Contribute to the development and improvement of the governance framework for supplier-related risks, in alignment with internal requirements and relevant regulations (e.g., DORA, EBA Guidelines, local requirements).

Ensure effective communication with all stakeholders and provide expert advice and support to the 1LOD