CrawlJobs

Third Party Risk Lead - DORA

Spain, Madrid · Job Posted May 03, 2026

Job Description

This role leads a risk-driven regulatory change programme to deliver and sustain DORA compliance for ICT third-party services (critical and non-critical suppliers). It translates regulatory expectations into a practical delivery roadmap that is prioritised, sequenced and measurable, so that outcomes land in BAU and not just in documentation. Accountable for end-to-end execution, the role drives progress across Technology, Procurement, Legal, Vendor Owners and Risk: managing competing priorities, dependencies and delivery risk, and removing blockers to maintain momentum in live BAU environments. The role holder should be comfortable making proportionate, risk-based decisions with incomplete information and progressing delivery as requirements and frameworks evolve, maintaining regulatory confidence through clear governance, timely escalation and audit-ready evidence.

Job Responsibility

  • Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions
  • Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies
  • Operationalise proportionality rules for critical vs non-critical vendors to enable timely, risk-based decisions and consistent execution across the vendor lifecycle
  • Run governance and refresh cycles, tracking delivery progress, sequencing activity and managing dependencies to maintain regulatory confidence
  • Align and socialise roles and responsibilities across the three Lines of Defence to enable clear ownership, escalation paths and delivery execution
  • Deliver pre-contract due diligence and ICT risk assessment standards, coordinating Technology, Vendor Owners, Procurement and Risk to meet milestones
  • Drive implementation of DORA-aligned contractual clauses and addendums, coordinating Legal and Procurement to resolve issues and keep delivery on track
  • Coordinate Technology, Vendor Owners, Procurement, Legal and Risk to manage dependencies, resolve blockers and drive onboarding and contracting outcomes
  • Embed differentiated onboarding requirements based on vendor criticality into BAU processes, ensuring consistent execution across functions
  • Operationalise standard and enhanced vendor management task sets, aligning Technology, Vendor Owners and Risk on execution expectations and timelines
  • Drive periodic reassessment of vendor criticality, aligning Technology, Vendor Owners and Risk on risk-based decisions and resulting actions
  • Coordinate delivery of resilience testing and exit planning for critical ICT suppliers, managing dependencies across Technology, Vendor Owners, Procurement and Risk
  • Deliver programme reporting to governance and executive forums, providing clear progress, risks, dependencies and decisions required
  • Coordinate regulatory engagement and audit activity, ensuring timely delivery of evidence and remediation actions across stakeholders
  • Provide pragmatic DORA third party risk expertise to resolve ambiguity, enable decisions and keep delivery moving

Requirements

  • Proven Third Party / Vendor Risk Management experience, delivering improvements across the end-to-end vendor lifecycle
  • Strong understanding of ICT third party risk and controls, with ability to drive consistent execution across onboarding, contracting and BAU oversight
  • Experience delivering complex regulatory change in regulated environments, with clear ownership of milestones, dependencies and outcomes
  • Strong GRC capability, focused on turning requirements into operational controls, evidence and measurable BAU outcomes
  • Experience interpreting and applying regulatory requirements in a pragmatic, risk-based way to maintain regulatory confidence
  • Proven ability to operationalise regulatory requirements into BAU, driving delivery plans, sequencing activity and managing cross-functional dependencies
  • Strong stakeholder management and influencing skills, able to deliver outcomes through Technology, Procurement, Legal, Vendor Owners and Risk without formal authority

What we offer

  • Competitive salary
  • Multicultural and hybrid working environment
  • Private Medical Insurance
  • Employee Wellbeing Benefits
  • Educational Development Program


Similar Jobs for Third Party Risk Lead - DORA

8 matching positions

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location: United Kingdom, London
Salary: Not provided
Company: Barclays
Expiration Date: Until further notice
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in FinTech, Digital Banking, Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant, progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ELT)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Full-time

Operational Risk Senior Manager

The Program Group Manager ensures that outsourcing practices are fully aligned w...
Location: Ireland, Dublin
Salary: 109920.00 - 164880.00 EUR / Year
Company: Citi
Expiration Date: Until further notice
Requirements
  • 10+ years of relevant experience in risk governance, outsourcing, or program management.
  • Strong negotiation, influencing, and stakeholder management skills, capable of engaging at senior levels.
  • In-depth understanding of EBA Outsourcing Guidelines and DORA regulatory frameworks.
  • Demonstrated ability to lead and manage teams, including performance evaluation and resource allocation.
  • Proven capability to apply comprehensive understanding of concepts to resolve complex issues across various functions.
  • A Bachelor's/University degree or equivalent experience, with a Master's degree being a plus.
  • Required Licensing/Registration: Series 7, Series 9, Series 10, Series 63, Series 65.
Job Responsibility
  • Driving the standardization of outsourcing governance across all European branches, subsidiaries, and regulated entities.
  • Ensuring consistent interpretation and implementation of EBA Outsourcing Guidelines and DORA regulatory requirements.
  • Designing and maintaining a centralized outsourcing governance framework, including defining minimum control standards and governance requirements.
  • Acting as the bridge between group policy and local execution, balancing central control with local regulatory obligations.
  • Leading, planning, and coordinating day-to-day activities for programs focused on third-party risk, exercising full management responsibility over a team or multiple teams.
  • Ensuring the creation and sign-off of comprehensive program documentation, including plans, charters, and stakeholder management plans.
  • Overseeing all areas of program execution, including funding, staffing, stakeholder engagement, risk escalation, and vendor performance monitoring.
  • Assessing and managing risk in business decisions, ensuring compliance with laws, regulations, and ethical standards, and supervising team activity.
What we offer
  • Competitive base salary (annually reviewed)
  • Hybrid working model (up to 2 days working at home per week)
  • Full-time

VP - AI Security & Risk Manager

The Technology department at our client is responsible for creating and continuo...
Location: United States, New York
Salary: 150000.00 - 175000.00 USD / Year
Company: Renner Brown
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field; advanced degree a plus
  • At least 7–10 years of experience in information security, technology risk, or a related field, with a minimum of 3 years focused on AI systems, machine learning security, or AI governance
  • Deep understanding of the AI and LLM landscape, including foundation model architecture, agentic systems, RAG pipelines, and the risk implications of each
  • Hands-on experience evaluating AI platforms and products, including the ability to assess vendor claims about model behavior, data handling, and security controls with appropriate skepticism
  • Familiarity with AI risk frameworks and emerging standards, including NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and ISO/IEC 42001
  • Experience with vendor risk management in a regulated financial services environment, including contract negotiation support and third-party security assessments
  • Knowledge of relevant regulatory frameworks including DORA, SOX, SEC cybersecurity disclosure rules, and GDPR/CCPA as they apply to AI data flows
  • Strong technical skills sufficient to evaluate AI system architecture, API security, data pipeline design, and access control models without reliance solely on vendor documentation
  • Excellent communication skills, with the ability to translate highly technical AI risk concepts into clear, decision-ready language for senior leadership, Legal, and Compliance
Job Responsibility
  • Own and maintain the firm's AI risk framework, covering model risk, data privacy, adversarial threats, third-party AI, and regulatory compliance
  • Develop and enforce AI usage policies in collaboration with Legal and Compliance, including acceptable use, data classification requirements, and prompt handling standards
  • Maintain an inventory of AI tools deployed firm-wide — both sanctioned and shadow — and assess associated risk profiles
  • Provide regular AI risk reporting to the Head of Technology Risk and senior leadership, including emerging threat trends, vendor posture changes, and control gaps
  • Monitor the evolving regulatory environment for AI (EU AI Act, SEC guidance, DORA, NY DFS) and advise on compliance obligations and required controls
  • Lead security and risk assessments of vendors introducing AI capabilities into existing or new platforms, including evaluating model transparency, data handling practices, and auditability
  • Develop and maintain a structured AI vendor evaluation framework, incorporating criteria for model governance, output reliability, data residency, and incident response obligations
  • Partner with Procurement and Legal to ensure AI-specific provisions are reflected in vendor contracts, including data usage restrictions, model change notifications, and liability terms
  • Maintain a tiered risk register of third-party AI integrations, with ongoing monitoring for material changes to vendor AI functionality, architecture, or ownership
  • Engage directly with vendor security and product teams to assess AI-related controls and drive remediation of identified gaps
  • Full-time

Business Continuity Manager

We are seeking a Business Continuity Manager to join our Outsourcing & Business ...
Location: Germany, Berlin
Salary: Not provided
Company: N26
Expiration Date: Until further notice
Requirements
  • Bachelor’s or Master’s degree in Resilience, BCM, Business Administration, Risk Management, or other relevant areas in Business Continuity Management / Crisis Management / Operational Resilience
  • 6+ years of professional experience (may include ICT Risk and Third Party Risk Management) gained in banking / financial services or consulting
  • Good knowledge of relevant legal and regulatory requirements (e.g., MaRisk, BAIT, DORA) and common industry standards (e.g., ISO 22301)
  • Strong analytical and conceptual skills, creativity, critical thinking, as well as the ability to identify problems and propose practical solutions
  • Excellent communication skills on both technical and managerial level
  • Good understanding of relevant legal and regulatory requirements and common industry standards
  • Proven track record in project delivery and process ownership
  • A proactive mindset, autonomous attitude, and a strong “get things done” approach
  • Hands-on approach and eagerness to tackle new topics, while demonstrating a quick grasp in conceptual project work and operational resilience topics
  • Ability to translate regulatory requirements into actionable controls and processes
Job Responsibility
  • Lead the development, implementation, and maintenance of the Business Continuity Management and Crisis Management framework across all operations
  • Support the definition and continuous enhancement of BCM strategy, policies, procedures, methodology, and standards in alignment with regulatory requirements (e.g., DORA, MaRisk) and industry best practices
  • Manage complex business impact analyses (BIAs) and risk assessments to identify critical business functions and dependencies
  • Support the implementation and integration of tooling related to BCM and CM
  • Support the leads in transforming the current Business Continuity Management framework into a broader Operational Resilience capability, including DORA requirements, critical service continuity, and third-party resilience controls
  • Create training and awareness plans across the organization to build a strong resilience culture
  • Highlight potential gaps and risks to senior leaders, committees, and governance forums with supporting KPIs on readiness, outcomes, and emerging risks
  • Plan, manage, and conduct regular continuity testing (table-top exercises, simulations, recovery drills) and track remediation of gaps by the 1st LoD
  • Support the operational resilience agenda including third-party / ICT dependency risk and DORA compliance
  • Lead or support resilience assessments of critical third-party and outsourced service providers, including key dependencies, concentration risks, and substitution planning
What we offer
  • Accelerate your career growth by joining one of Europe’s most talked about disruptors
  • Employee benefits that range from a competitive personal development budget, work from home budget, discounts to fitness & wellness memberships, language apps and public transportation
  • As an N26 employee you will have access to a Premium subscription on your personal N26 bank account, as well as subscriptions for friends and family members
  • Additional day of annual leave for each year of service
  • A high degree of autonomy and access to cutting edge technologies
  • A relocation package with visa support for those who need it
  • Full-time

Head of Resilience Management for APAC-ME

Summary The Head of Resilience management for APAC-ME will be responsible for de...
Location: Singapore, Singapore
Salary: Not provided
Company: Crédit Agricole
Expiration Date: Until further notice
Requirements
  • 10+ years of experience in operational resilience, business continuity, or risk management within the financial sector
  • Proven leadership experience
  • Deep understanding of regulatory requirements in Asia and of DORA, with experience managing regulatory interactions
  • Bachelor's or Master's degree in Computer Science, Information Technology, Business Continuity or equivalent
  • Professional certification such as CBCM, CBCI, CBCP (preferred)
  • Expertise in incident response methodologies, business continuity planning and in cyber resilience frameworks
  • Strong knowledge of CIB activities in order to be able to talk with the Business Lines and understand their constraints
  • Strong knowledge of operational resilience risk management, threat intelligence, and IT disaster recovery strategies
Job Responsibility
  • Develop and implement a comprehensive operational resiliency strategy aligned with regulatory requirements and industry standards
  • Define resilience objectives, key risk indicators (KRIs), and performance metrics to measure the effectiveness of resiliency programs
  • Collaborate with senior leadership to embed resilience principles into business and technology processes
  • Stay ahead of emerging risks, regulatory changes, and threat landscapes to refine and enhance resilience strategies
  • Oversee the development and execution of the bank’s resilience framework, ensuring rapid response and recovery from incidents
  • Lead tabletop exercises and simulations to test cyber incident response and business recovery capabilities
  • Coordinate with internal stakeholders during a crisis
  • Coordinate and maintain enterprise-wide business continuity and disaster recovery plans with the different stakeholders in the Entities, ensuring readiness to sustain critical business operations during disruptions
  • Coordinate and conduct with the different stakeholders in the Entities regular BC/DR testing, audits, and training sessions to validate effectiveness and improve preparedness
  • Work closely with technology teams to ensure recovery time objectives (RTOs) and recovery point objectives (RPOs) are met for critical systems

Cyber Security Engineer

Location: United Kingdom, London
Salary: Not provided
Company: CoinShares
Expiration Date: Until further notice
Requirements
  • 5 years' experience in a hands-on cyber security engineering or security operations role, with demonstrable breadth across multiple security domains
  • Experience running security processes end-to-end across multiple domains within a small team environment, operating as a generalist rather than a specialist in a single area
  • Bachelor's degree in Cyber Security, Computer Science, Information Technology, or equivalent practical experience
  • Relevant certifications are desirable (e.g. CISSP, CEH, AWS Security Specialty or CCSP)
  • Prior exposure to digital asset infrastructure, crypto custody or trading environments is advantageous but not required
  • Strong foundational knowledge across core cyber security domains: network security, endpoint security, cloud security, identity and access management, vulnerability management, threat detection, incident response and data security
  • Solid understanding of security frameworks including NIST CSF 2.0 and SOC 2
  • Experience working in a regulated environment; exposure to GDPR, DORA, SOX and the SEC Cybersecurity Rule is highly advantageous
  • Hands-on experience with SIEM, SOAR and EDR/XDR platforms - configuration, tuning, alerting, and integration with response workflows
Job Responsibility
  • Design, implement and maintain security controls across all systems and environments, spanning enterprise IT, cloud infrastructure and digital asset operations
  • Operate core security functions including endpoint protection, email security, identity and access management, data security and security monitoring
  • Manage and continuously improve the firm's SIEM, SOAR and EDR/XDR tooling, ensuring effective alerting, tuning and integration with incident response processes
  • Lead detection engineering and incident response, acting as the primary technical responder during security events and investigations
  • Lead vulnerability management and remediation across all environments, prioritising based on risk and business impact
  • Partner with IT, engineering and DevOps teams to embed security earlier in the development lifecycle, across infrastructure and into CI/CD pipelines
  • Maintain and improve cloud security controls across AWS, leveraging CSPM tooling to monitor posture and drive remediation
  • Conduct threat modelling, security architecture reviews and risk assessments for new systems, services and third-party integrations
  • Support third-party and vendor risk assessments, including review of SOC 2 reports, penetration test reports and security questionnaires
  • Contribute to the security of CoinShares' digital asset infrastructure, including custody and trading environments
  • Full-time

Cyber Change Programme Manager

Contract Opportunity: Senior Cyber Change Programme Manager Rate: £720/day (Ins...
Location: United Kingdom, London
Salary: 700.00 - 720.00 GBP / Day
Company: Randstad
Expiration Date: June 18, 2026
Requirements
  • Deep Banking Expertise: A proven track record as a Senior Programme Manager within major global banks
  • Regulatory Mastery: Comprehensive experience leading large-scale cyber and operational resilience change programs (specifically PRA/FCA, DORA, and Third-Party Risk/Outsourcing regulations)
  • Execution Focus: A history of successfully delivering complex, multi-year portfolios from inception through to demonstrable compliance
  • Leadership & Influence: Exceptional stakeholder management skills, with the ability to bridge the gap between technical cyber teams, business units, and C-suite executives
Job Responsibility
  • Drive End-to-End Delivery: Lead a high-profile portfolio covering PRA/FCA expectations, UK Operational Resilience, DORA, and Outsourcing/Third-Party risk
  • Translate Regulation to Action: Take dense regulatory requirements and map them into a clear, structured, and executable global roadmap
  • Full-time

Program Management Senior Analyst

We are seeking a highly motivated and detail-oriented individual to join our Int...
Location: Germany, Frankfurt am Main
Salary: 1861981.00 EUR / Year
Company: Citi
Expiration Date: Until further notice
Requirements
  • Extensive proven experience in managing or participating in projects and teams within the finance sector, in a professional management role
  • Demonstrated knowledge of Third-Party Risk Management frameworks, risk management methodologies, and relevant regulatory requirements
  • Strong analytical and problem-solving abilities, with a keen eye for identifying root causes and developing practical solutions
  • Detail-oriented approach and a structured, logical problem-solving mindset
  • Exceptional interpersonal and communication skills, with a proven ability to build strong relationships across functions and influence stakeholders at all levels
  • Solid understanding of governance frameworks and experience in supporting audits and regulatory reviews
  • Proactive, self-driven, and capable of effectively managing multiple priorities in a fast-paced, dynamic environment
  • Bachelor’s/University degree or equivalent experience
Job Responsibility
  • Driving Compliance: Ensure effective adherence to local and global third-party risk management regulations (EBA GL on Outsourcing Arrangements, Draft EBA GL on sound management of third-party risk and DORA), policies, and standards
  • Supporting Governance Forums: Provide active support to Country Third Party Governance Forums, facilitating communication and collaboration
  • Stakeholder Management: Collaborate closely with stakeholders across the Europe Cluster, including country-level teams, to ensure alignment with the TPM framework and address any compliance gaps
  • Issue Escalation: Proactively identify and escalate potential risks and compliance issues to relevant stakeholders, including In-Business Risk, Third Party Officers, and Business Activity Owners
  • Monitoring & Analysis: Continuously monitor Key Risk Indicators (KRIs) to identify emerging third-party risks
  • Conduct thorough root cause analyses to understand underlying issues and develop effective mitigation strategies
  • Collaboration with Business Units: Partner with business units, including senior leadership like the Chief Country Officer and Head of Operations, to assess the broader impact of identified risks and implement corrective action plans
  • Process Enhancement: Critically evaluate existing TPM practices and identify opportunities for improvement
  • Lead initiatives to enhance standards, procedures, controls, and governance processes, ensuring the ongoing sustainability and optimization of the TPRM program in Germany
  • TPM Policy Guidance: Provide expert guidance and support to country business teams on interpreting and implementing Third Party Risk Management policies, regulations, and local procedures
What we offer
  • Hybrid working model (up to 2 days working at home per week)
  • Competitive base salary (annually reviewed)
  • Full-time