Outsourcing & Third-Party Risk Manager
Job Description
The Outsourcing Manager is responsible for establishing and overseeing a robust, group-wide outsourcing and third-party risk management framework across all entities within the Capital Vault Group. The role ensures that outsourcing and third-party arrangements support operational resilience, sound governance, and regulatory compliance across all jurisdictions in which the Group operates.
Responsibilities:
-
Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.
-
Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.
-
Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.
-
Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.
-
Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.
-
Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.
-
Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.
-
Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.
-
Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.
-
Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.
-
Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.
-
Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement.
-
Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.
-
Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.
-
Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.
-
Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.
-
Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.
-
Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.
Governance and Oversight
Oversight of Outsourced and Third-Party Arrangements
Risk Management & Operational Resilience
Cross-Functional Collaboration
Monitoring, Assurance & Reporting
Regulatory Engagement
Requirements:
-
+5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;
-
Proven experience designing or managing a group-wide outsourcing / third-party risk framework;
-
Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));
-
Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;
-
Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);
-
Experience working across multiple jurisdictions and advising senior stakeholders;
-
Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;
-
Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.