This role will be responsible for identifying, assessing, and mitigating cyber risks introduced by vendors, partners, and the broader supply chain ecosystem, ensuring alignment with enterprise risk appetite, regulatory requirements, and business objectives. The ideal candidate combines deep cybersecurity expertise, risk management discipline, and strong stakeholder engagement skills, with the ability to operationalize scalable frameworks across a complex enterprise environment.
This role sits within Line 2.
Responsibilities:
- Define and implement a comprehensive Third Party & Supply Chain Cyber Risk Management framework, aligned with enterprise risk appetite and industry standards (e.g., NIST, ISO).
- Lead end-to-end vendor risk assessments (onboarding, periodic reviews, offboarding), including vendor tiering and risk prioritization.
- Identify and mitigate supply chain and fourth-party risks, including software supply chain vulnerabilities (e.g., SBOM, open-source risks).
- Establish continuous monitoring capabilities using external risk intelligence tools and define KPIs/KRIs for executive reporting.
- Embed cybersecurity requirements into contracts, procurement processes, and regulatory compliance obligations.
- Define and manage third-party incident response processes, including breach handling, escalation, and impact assessment.
- Partner with business, technology, procurement, and legal teams as a trusted advisor on third-party cyber risks.
- Drive program maturity and automation through TPSRM tools and streamlined workflows.
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
- 10+ years of experience in cybersecurity or technology risk, with a strong focus on third-party/vendor risk management.
- Proven experience building or leading enterprise TPSRM programs, preferably in financial services or regulated industries.
- Experience with cloud security and modern architectures (AWS, Azure, SaaS ecosystems).
- Familiarity with software supply chain security (e.g., SBOM, SCA tools, DevSecOps practices).
To apply:
If you're interested in applying or finding out more, please share your CV or reach out to Chen Yi at [email protected] for a discussion. Due to the anticipated high volume of applications, we regret to inform you that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060
- Posted: Apr 07, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: Singapore
- Company: Kerry Consulting