Third Party Risk Specialist, Vice President

Section 1 – Details

Job Title / Corporate Title

Third Party Risk Specialist, Vice President

Department / Group

OPPD - Third Party Management

Responsible to / Line Manager

EMEA Head of TPM Risk and Change

Direct Reports

None

Location

100, Liverpool Street, London

Date Prepared

June 2024

Certification regime

Out of scope

Section 2 – Purpose of Job

The TPM Risk Specialist role is primarily responsible for supporting the Head of Risk and Change in 1LOD third party risk management across EMEA and which includes the support for any key projects which have third party dependencies across the region

Section 3 – Background

 The remit of the Operations Planning Department (OPPD) spans all of SMBC EMEA (all entities and countries, all business units and supporting functions) and includes the following groups:

• Transformation & Strategy Planning Group. Responsible for the Transformation Strategy, design of the Target State for SMBC EMEA and prioritisation of the transformation budget.
• Change Management Group. Responsible for programme and project design and delivery, change methodology and toolset and providing Project Management and Business Analyst resources to staff programmes and projects.
• Service Management Group. This includes Business Service Management (responsible for the Service Management Methodology and supporting Business Service Owners in their roles overseeing the end-to-end delivery of business services), Business Continuity Management and Corporate Real Estate Services.
• Third Party Management (TPM). Responsible for the management of third-party providers (both internal and external) and managing third party risk.
• Data Management Group. Responsible for the Data Strategy, design of the Data Architecture and supporting delivery of data solutions.

The Third Party Management team are responsible for Third Party Risk Management and Procurement activities as a 1 Line of defence function.

Section 4 – Facts / Scale

 The T PM play a critical role in the success of SMBC EMEA, consisting of 12 entities, 9 branches and 5 rep offices. This role, which sits within 1LOD Third Party Risk Management will support the ongoing risk management of third parties relied upon by SMBC EMEA and align operational delivery to current industry standards and regulatory expectations and ensuring any required change remediation is designed and implemented appropriately.

Section 5 – Accountabilities & Responsibilities

• Development and implementation of the third-party framework, standards, methodologies, controls and reporting
• Implementation of third-party risk appetite and underlying metrics
• Support EMEA functions in development and execution of third party strategies to increase efficiencies, leverage talent, manage risk and make use of technology
• Design and implementation of third party controls and reporting
• Facilitate the transition of change delivery into the operational teams
• Document business requirements for tooling and support strategic decision making for technology roadmap to oversee third parties
• Advise in response to regulatory interactions and in the remediation where required of third party related incidents
• Perform first line assurance activities
• Delivery of key third party management projects, including but not limited to input into project planning, impact analysis, option evaluation, design documentation, testing materials, and supporting guidance to enhance current operational delivery
• Track new and emerging third party regulation, determine impact and develop appropriate remediation
• 2LOD Partnership: Support 2LOD groups in performance or reviews and assurance activities, including tracking of remediation and action points.
• Thought leadership: Developing and continuously improving the TPRM framework
• Provide subject matter expertise in the resolution of operational third party issues and risks and their remediation

Section 6 – Knowledge, Skills, Experience & Qualifications

• 8-10 years experience of third party management, with a thorough understanding of current and emerging third party and outsourcing regulations, as well as other relevant regulations (e.g. Resilience) across the UK and Europe, their associated (major) regulatory bodies and their implementation in the industry
• Understanding of developing third party strategies and risk appetite
• Detailed understanding of existing and emerging third party and related regulations across EMEA, their interpretation and implementation into third party management framework
• Implementation of applying third party risk into risk appetite, 3LOD, Risk and Control and Self-Assessment (RCSA) methodologies
• Drafting and maintaining clear and concise TPRM documentation including polices, frameworks, training materials and guidance
• Familiar with industry TPRM tooling as well as use of technology to collaborate, report and maintain processes, controls and training
• Experience of applying appropriate service level oversight controls and guidance over intra group arrangements, including governance, SLAs, KPIs
• Understanding of emerging requirements to enhance frameworks from traditional outsourcing to wider third party risk
• Support development of third party reporting to relevant governance forums
• Ability design and implementation methodologies to guide functions to the appropriate use of onshore/nearshore/offshore outsourcing options
• Understanding of procurement processes and controls
• Able to communicate effectively at all levels of the organisation. Able to convey complex topics simply and to articulate issues in a way that eases decision making and drives action
• Proven ability to build positive working relationships with senior stakeholders, including regulators and auditors, and capable of influencing to gain agreement and resolve conflicting priorities in ambiguous environments
• Able to influence at all levels of the organisation. Able to mobilise and align resources across the organisation – especially in teams outside of the direct reporting line
• Ability to design, assess and embed effective Controls aligned to risk management framework objectives
• Ability to produce high quality materials to ensure informed decision-making and information sharing across senior stakeholders
• Working with offshore / near shore locations and teams
• Can do attitude to build and maintain proactive and response service delivery for the region

Section 7 – Challenges

• SMBC has a complex environment of internal and external third parties, understanding the potential risks, and how the Third Party Management function (both 1LOD Third Party Risk Management and Procurement)  supports the firms strategy, overall operational resilience and within an acceptable risk appetite, will be challenging to deliver.
• SMBC as a growing bank is responding to increased regulatory interactions, and as a result places an increased dependency on the end to end TPRM framework to be demonstrably line with industry and to regulatory expectations.

Section 8 – Dual-Hatting

1. Dual-Hat Details (only required if different to the employing entity details)

Dual-Hat Job Title: N/A

Dual-Hat Line Manager: N/A

Dual-Hat Direct Reports: N/A

Dual-Hat Certification Regime: N/A

2. Dual-Hat Roles and Responsibilities

You will be required, from time to time, to undertake tasks on behalf of the dual-hat entity, as necessary. 

3. Dual-Hat Conflict of Interest

• You will have responsibilities for both SMBCE and Nikko CM
• You will be required to perform your duties and responsibilities on an entity neutral basis, without favour
• You are required to follow regulatory requirements applicable to ensure each business is appropriately supported and to maintain the legal entity integrity of each of SMBCE and Nikko CM
• Working terms are dictated by functional mandates in place between SMBCE and Nikko CM and any other relevant agreements entered into between SMBCE and Nikko CM
• You have responsibility for identifying and resolving where there may be a difference or conflict in needs between SMBCE and Nikko CM, escalating to your manager/Compliance officer where required