Vendor Governance Officer IND

Required Responsibilities but not limited to:

Core responsibilities

1. **Risk Assessment and Due Diligence: **

   - Conduct detailed risk assessments of third-party vendors and service providers, focusing on areas such as financial stability, security practices, regulatory compliance, and overall risk exposure.

   - Perform initial and ongoing due diligence, gathering and analysing data from various sources to assess the risk profile of third-party entities.

2. **Vendor Onboarding and Offboarding: **

   - Support the vendor onboarding process by conducting thorough risk evaluations and providing recommendations for approval or rejection.

   - Manage the offboarding process of third-party vendors, ensuring proper documentation and risk mitigation steps are followed.

3. **Monitoring and Reporting: **

- Develop and maintain an up-to-date inventory of third-party relationships, including risk ratings and criticality assessments.

- Continuously monitor third-party performance and compliance through regular assessments, reviews, and audits.

- Prepare and present detailed reports and dashboards on third-party risk status, trends, and remediation efforts to senior management and other stakeholders.

- Report and publish Vendor Management KRI reporting at key governance forums on a monthly basis

4. **Policy and Procedure Development: **

   - Assist in the development, implementation, and maintenance of third-party risk management policies, procedures, and guidelines.

   - Ensure policies and procedures are aligned with industry best practices, regulatory requirements, and organizational goals.

5. **Collaboration and Stakeholder Engagement: **

   - Work closely with procurement, legal, compliance, IT, Architecture team and other relevant departments to ensure third-party risk management processes are integrated and effective.

   - Act as a liaison between the organization and third-party vendors, facilitating communication and resolving issues related to risk management.

6. **Training and Awareness: **

   - Develop and deliver training programs to internal stakeholders on third-party risk management processes, tools, and best practices.

   - Promote awareness of third-party risk management throughout the organization to ensure a culture of risk awareness and accountability.

7. **Incident Response and Remediation: **

   - Assist in the investigation and resolution of incidents involving third-party vendors, including data breaches, compliance violations, and performance failures.

   - Coordinate remediation efforts and ensure corrective actions are implemented and tracked.

8. **Regulatory Compliance: **

   - Stay current with regulatory developments and industry standards related to third-party risk management.

   - Ensure third-party risk management activities comply with applicable laws, regulations, and industry standards.

9. **Continuous Improvement: **

   - Identify opportunities for improving third-party risk management processes, tools, and methodologies.

   - Participate in projects and initiatives aimed at enhancing the efficiency and effectiveness of the third-party risk management program.

10. **Data Analysis and Insights: **

    - Utilize data analytics to identify trends, patterns, and potential risks within the third-party ecosystem.

    - Provide actionable insights and recommendations to mitigate identified risks and enhance the overall risk management framework.

Other Responsibilities

• Vendor Management forms processed and completed as per the Due Diligence Matrix of the Group Vendor Management & Outsourcing Policy (VM&O policy) with 100% accuracy and in-time to plan.
• Support the review of BCP/ DR and Contingency plan along with remediation action for the Group’s vendors by working with ROs, relevant stakeholders.
• Administratively manage monthly Vendor Management Committee and other key governance meetings (schedule meetings, build pack, draft minutes, and issue) by working with Line Manager (LM) and Functional Manager (FM)
• Maintain Vendor Management Group shared folder structure in accordance with Group record management policy.
• Assist and support the team in updating the Group’s vendor database with appropriate oversight/ approval with evidence on a monthly basis.
• Support LM and FM in all Audit open actions to be close as per the agreed timeline in 100% of the cases, without extensions.
• Support ROs in presenting Outsourcer Annual Report Document at Key governance forum on a monthly basis.
• Support vendor management ad hoc projects/ tasks (not part of BAU and Change initiatives) within the agreed timeline with LM and FM

• Support InfoSec Team in the review of IT Security questionnaire for vendors by liaising with Relationship owners (RO), Information Security team and vendor in line with VM&O policy and Information Security policy.
• Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations (Mandatory bullet point – Do not remove
• Accountability to ensuring best in class core vendor supplier risk analysis of applicable portfolio ensuring consistency with industry leading practices and conform to all the internal vendor procedure / policies and all related regulatory expectations.
• Active engagement key front line governance routine inclusive of strategic planning session, governance committees and business review. 
• High awareness and adherence to the control environment including Quality Assurance and Quality Control.

Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations (Mandatory bullet point – Do not remove)