Third Party Risk Lead

Reporting to the Technology Risk Manager, the Third Party Risk Lead is responsible for Managing and evolving the organisation’s Third Party Risk Management (TPRM) Framework, ensuring it is robust, compliant with applicable regulatory requirements (including operational resilience), and aligned with industry best practices. This role will focus on overseeing third-party risk, with particular emphasis on technology suppliers, including cloud providers, software vendors, and outsourced IT service providers. The role operates independently from the Procurement function but collaborates closely with it to embed robust risk assessments in the procurement lifecycle. This role holder will work closely with Third Party Risk Managers across the business ensuring a cohesive approach across the organisation.

Key Responsibilities

• Maintain & Operate the Third Party Risk Management Framework, policies, procedures, and tools to ensure compliance with relevant regulatory requirements (e.g., FCA/PRA, etc.).
• Monitor and report on the end-to-end third-party risk lifecycle process including due diligence, onboarding, monitoring, issue management, and offboarding to ensure that risks are effectively identified and Managed.
• Provide expert oversight and risk assessment of all critical technology suppliers, including cloud, infrastructure, platforms, and managed services.
• Develop and maintain a risk taxonomy and categorisation model for third-party suppliers, with a specific lens on operational resilience, concentration risk, and systemic impact.
• Ensure that critical third-party services are mapped to Important Business Services (IBS) as part of operational resilience requirements.
• Support and challenge business stakeholders in supplier selection and ongoing oversight, particularly for high-risk and critical vendors.
• Monitor assessment and testing of third-party Business Continuity and Disaster Recovery (BC/DR) plans.
• Monitor regulatory developments related to third-party risk and ensure timely updates to the framework and processes.
• Conduct risk reviews, deep-dives, and performance assessments on critical technology suppliers.
• Report to senior management and risk committees on third-party risk exposures, issues, and performance metrics.
• Promote a risk-aware culture by providing training and guidance to stakeholders on third-party risk management best practices.
• Develop and maintain metrics and reporting dashboards to track third-party risk exposure, remediation progress, and regulatory compliance.
• Collaborate closely with business departments to support their third-party/supplier risk management, driving consistency across the organisation.

Experience and Skills required

Essential:

• Proven experience (5+ years) in third-party risk, operational risk, vendor management, or similar within the financial services sector.
• Strong knowledge of regulatory requirements related to third-party risk and operational resilience (e.g., UK PRA/FCA SS2/21, DORA, EBA, ISO27001, NIST).
• Solid understanding of technology infrastructure and associated risks, especially in cloud services and IT outsourcing.
• Experience in leading risk assessments, and ongoing monitoring of technology suppliers.
• Excellent communication and stakeholder engagement skills.
• Strong analytical and reporting capabilities.
• Proven ability to work collaboratively across functions and influence stakeholders without direct authority.
• Excellent organizational skills and ability to manage multiple priorities under pressure.

Desirable:

• Bachelor’s or Master’s degree in Risk Management, Information Security, Technology, or a related field.
• Relevant professional certifications such as CRISC, CTPRP, CISM, CISSP, ISO 27001 Lead Auditor.
• Experience working in or with regulated financial institutions.
• Understanding of data privacy requirements (e.g., GDPR) in the context of third-party relationships.

Location

This role will primarily be remote however you will be expected to visit our office in Cardiff 2 days per month, as well as any ad hoc visits if required. 

Admiral: Where You Can

We take pride in being a diverse and inclusive business. It's a place where you can Be You, and show up as you are. We’re committed to fostering a people-first culture where everyone is accepted, supported, and empowered to be brilliant. You can, Grow And Progress at a pace and direction that suits you, Make A Difference for our customers and each other, and Share in Our Future with all colleagues eligible for up to £3,600 of free shares each year after one year of service.

Everyone receives 33 days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays). You also have the option to buy or sell up to an additional five days of annual leave.

We’re proud of our people-first culture. In fact, we've been recognised as a Great Place to Work for Women, a Great Place to Work for Wellbeing, and an overall Great Place to Work for over 25 years! We’re fully committed to making sure your progression is not slowed or halted by barriers related to race, gender, age, sexuality or any of the protected characteristics.

Our fantastic benefits make sure our colleagues have a great work-life balance; You can view some of our other key benefits here.

#LI-KG1