You'll own the day-to-day of Tabby's vendor (third-party) risk and management program while playing an active role across the broader Enterprise Risk Management (ERM) function. The role aims at effectively managing third parties end-to-end including assessing, onboarding, and monitoring vendors from both a risk and a commercial/performance angle and contributing to wider ERM work such as risk assessments, controls, reporting, and frameworks.This is a hands-on execution role for someone who moves fast, communicates clearly, and works well across teams.
Vendor & third-party management
- Manage vendor risk assessments and due diligence throughout the onboarding lifecycle and approvals across different functional units and assisting in risk-tiering and classification of Tabby vendors.
- Manage the end-to-end vendor lifecycle for Tabby from intake, vendor risk assessment, project management across different stakeholders and managing internal approval flows.
- Maintain the vendor inventory, tracker, risk register, and supporting documentation so the picture is always current and audit-ready.
- Be the go-to coordinator between vendors and internal stakeholders (Procurement, Legal, InfoSec, Compliance, Finance, business owners) keeping things moving without dropping detail.
- Help evolve and design Tabby's third-party risk strategy and framework assessment standards, policies to cater to business growth and changing regulatory environment.
- Provide oversight of onboarding and due diligence process to identify and reduce risk before a vendor is engaged.Track vendor performance against SLAs and KPIs through periodic reviews, flagging issues early and driving remediation to closure.
- Build and maintain live dashboards that track SLA compliance, cycle times, ageing breaches, and approval activity across regions and functions — turning the data into actionable improvements.
Additional responsibilities would include -
- Support risk identification, assessment, and control mapping assisting the Enterprise risk function.
- Help maintain the enterprise risk register and contribute to risk reporting for management and committees.
- Support control testing, issue tracking, and remediation follow-up.
- Help prepare for audits and regulatory or internal reviews.
- 2-4 years in vendor/third-party risk management ERM, audit, or a related risk/controls function ideally in fintech, banking, or another regulated environment.
- Fair understanding of third-party risk concepts and working familiarity with enterprise risk frameworks (e.g. COSO, ISO 31000).
- Strong organisation and execution: you close loops, hit deadlines, and keep clean records.
- Clear, concise communicator comfortable pushing vendors and stakeholders for what's needed
- Comfortable with ambiguity and a fast-moving environment; bias to action.
- Strong with documentation and tools (Excel/Sheets; GRC or vendor-management platforms a plus).
- Bachelor's degree in business, finance, risk, or a related field. Relevant certifications (risk, audit, security) are a plus.