Third Party Risk Lead - DORA

The Cigna Group

Location:
Spain, Madrid

Contract Type:
Not provided

Salary:
Not provided

Job Description:

This role leads a risk-driven regulatory change programme to deliver and sustain DORA compliance for ICT third-party services (critical and non-critical suppliers). It translates regulatory expectations into a practical delivery roadmap, prioritised, sequenced and measurable, so outcomes land in BAU, not just in documentation. Accountable for end-to-end execution, the role drives progress across Technology, Procurement, Legal, Vendor Owners and Risk: managing competing priorities, dependencies and delivery risk, and removing blockers to maintain momentum in live BAU environments. This role should be comfortable making proportionate, risk-based decisions with incomplete information and progressing delivery as requirements and frameworks evolve; maintaining regulatory confidence through clear governance, timely escalation and audit-ready evidence.

Job Responsibility:

  • Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions
  • Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies
  • Operationalise proportionality rules for critical vs non-critical vendors to enable timely, risk-based decisions and consistent execution across the vendor lifecycle
  • Run governance and refresh cycles, tracking delivery progress, sequencing activity and managing dependencies to maintain regulatory confidence
  • Align and socialise roles and responsibilities across the 3 Lines of Defense to enable clear ownership, escalation paths and delivery execution
  • Deliver pre-contract due diligence and ICT risk assessment standards, coordinating Technology, Vendor Owners, Procurement and Risk to meet milestones
  • Drive implementation of DORA-aligned contractual clauses and addendums, coordinating Legal and Procurement to resolve issues and keep delivery on track
  • Coordinate Technology, Vendor Owners, Procurement, Legal and Risk to manage dependencies, resolve blockers and drive onboarding and contracting outcomes
  • Embed differentiated onboarding requirements based on vendor criticality into BAU processes, ensuring consistent execution across functions
  • Operationalise standard and enhanced vendor management task sets, aligning Technology, Vendor Owners and Risk on execution expectations and timelines
  • Drive periodic reassessment of vendor criticality, aligning Technology, Vendor Owners and Risk on risk-based decisions and resulting actions
  • Coordinate delivery of resilience testing and exit planning for critical ICT suppliers, managing dependencies across Technology, Vendor Owners, Procurement and Risk
  • Deliver programme reporting to governance and executive forums, providing clear progress, risks, dependencies and decisions required
  • Coordinate regulatory engagement and audit activity, ensuring timely delivery of evidence and remediation actions across stakeholders
  • Provide pragmatic DORA third party risk expertise to resolve ambiguity, enable decisions and keep delivery moving

Requirements:

  • Proven Third Party / Vendor Risk Management experience, delivering improvements across the end-to-end vendor lifecycle
  • Strong understanding of ICT third party risk and controls, with ability to drive consistent execution across onboarding, contracting and BAU oversight
  • Experience delivering complex regulatory change in regulated environments, with clear ownership of milestones, dependencies and outcomes
  • Strong GRC capability, focused on turning requirements into operational controls, evidence and measurable BAU outcomes
  • Experience interpreting and applying regulatory requirements in a pragmatic, risk-based way to maintain regulatory confidence
  • Proven ability to operationalise regulatory requirements into BAU, driving delivery plans, sequencing activity and managing cross-functional dependencies
  • Strong stakeholder management and influencing skills, able to deliver outcomes through Technology, Procurement, Legal, Vendor Owners and Risk without formal authority

What we offer:

  • Competitive salary
  • Multicultural and hybrid working environment
  • Private Medical Insurance
  • Employee Wellbeing Benefits
  • Educational Development Program

Additional Information:

Job Posted:
May 03, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Third Party Risk Lead - DORA

Information Security Risk Lead

The Information Security Risk Lead is responsible for driving efforts to support...
Location:
Thailand, Bangkok
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Master’s/Bachelor’s/University degree or equivalent experience in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline is preferred
  • One or more industry-recognized cybersecurity-related certifications such as CISSP, CISA, CISM, CRISC, ISO 27001
  • 6 - 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management / Third-party Risk Management or IT Audit, preferably with experience gained from banking / finance services industry / consultancy / control compliance or legal disciplines
  • Experience in assessing cyber regulatory compliance from BOT, SEC etc.
  • Strong understanding of international standards/frameworks such as NIST, ISO 27001 series, COBIT, CIS, GDPR, DORA, etc.
  • Proficient in interpreting and applying policies, standards and procedures
  • Excellent project management and organizational skills (PMP, PRINCE2, etc. is a plus)
  • Strong consultation, report writing and communication skills, with high proficiency in both spoken and written English and Thai
  • Thai language fluency is a must.
Job Responsibility:
  • Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goals
  • Engagement with local regulators BOT, SEC, TB-CERT, Thai-CERT, MDES, NCSA, etc. on IS related matters
  • Manage regulatory exams and internal & external audits
  • Work closely with Global & Regional Information Security teams to improve processes and reduce risk, and support the IS regulatory related activities for Thailand
  • Manage internal/external resources to organize cyber-attack simulation exercises, coordinating and overseeing vulnerability mitigation/remediation/corrective action plans and the issues management process
  • Accountable for delivery of the associated remediation from regulatory assessments
  • Proficiency in preparing periodic updates / reports / presentation deck for both internal stakeholders and regulators
  • Provide timely and appropriate updates to regional and global stakeholders
  • Escalate issues in a timely manner to senior management
  • Build and develop partnerships with business, IT, risk, compliance, IS, senior management staff and stakeholders
Employment Type:
Fulltime

Vendor & Outsourcing Manager

Solaris is a tech company with a full German banking license. Our Banking-as-a-S...
Location:
Germany, Berlin
Salary:
Not provided
Solarisbank
Expiration Date:
Until further notice
Requirements:
  • Academic background in Law, Business Administration, Economics, Finance, IT Management, or related fields
  • Minimum 4 years experience in Vendor Management, Outsourcing Governance, Third-Party Risk Management, or similar—preferably in financial services
  • Strong knowledge of outsourcing regulations (KWG, MaRisk, DORA, EBA/ESMA)
  • Very good stakeholder communication, presentation, and analytical skills with diverse teams and hierarchy levels (internally and externally)
  • Fluent German (C1/C2) and strong English language communication skills
  • Ability to work accurately and independently while keeping the bigger picture in mind for multiple stakeholders
  • Very strong stakeholder communication and presentation skills, able to engage with diverse teams
  • High level of regulatory awareness, ensuring solutions remain compliant with outsourcing, procurement, and risk requirements
  • Strong sense of responsibility, integrity, and reliability in a multi-stakeholder environment
  • Collaborative mindset with the ability to balance business needs, regulatory expectations, and operational realities
Job Responsibility:
  • Take ownership of implementing and executing the Outsourcing & Procurement Policy, including Outsourcing Management, Controlling, and Reporting
  • Keep the Outsourcing Inventory and Information Register up to date
  • Ensure alignment with regulatory obligations, including reporting to regulators on new, changed, or cancelled material outsourcings
  • Provide input to TPRA Pre-Assessments and coordinate collection of Third Party inputs for TPRA assessments
  • Sign off TPRA outputs as Outsourcing Officer and notify BaFin as required
  • Conduct and oversee audits on provider management tasks, collecting evidence, coordinating with internal audit, and demonstrating compliance with internal policies
  • Oversee daily operations of Third Parties, including managing requests (e.g., scripts, settings, identification queries) and supporting account management where applicable
  • Conduct regular service review meetings, quarterly business reviews, and other strategic meetings to assess performance, align on objectives, and monitor contractual and regulatory obligations
  • Monitor and reconcile invoices, ensuring evidence storage and logging in the monitoring cockpit
  • Track SLA compliance and maintain documented evidence
What we offer:
  • Home office budget
  • Learning & development budget of €1000 per year and a transparent growth framework to support your career goals
  • Competitive salary and a variable remuneration program
  • Monthly meal allowance
  • Deutschland ticket subsidy
  • 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years with Solaris
  • Opportunity to work abroad for up to 12 weeks per year

Risk Manager

We are looking for an ambitious and dynamic individual to join our Risk Manageme...
Location:
Cyprus, Nicosia
Salary:
Not provided
Plum Fintech
Expiration Date:
Until further notice
Requirements:
  • Driven, ambitious risk professional preferably with experience in banking and fintech
  • Strong working knowledge of operational risk and regulations such as DORA and/or Operational Resilience, outsourcing, business continuity management, incident management, payment services, e-money, fraud, and investment products
  • 5+ years experience in risk management
  • Prior experience in driving operational resilience-related implementation efforts
  • Prior experience in ICARA report preparation
  • Knowledge of risks associated with payments and investments services
  • Prior consulting experience in risk advisory is desirable
Job Responsibility:
  • Lead operational risk management processes across the group on risk and control self-assessments
  • Active involvement in and oversight of operational risk (including ICT) incidents, to identify root cause and monitor the implementation of remediation actions
  • Collaborate with other control functions in joint regulatory and operational risk related initiatives
  • Drive the automation initiatives on monitoring KRIs
  • Take ownership of risk-related areas in regulatory reporting, including ICARA and DORA register of information
  • Provide hands-on development of risk models involving market and operational risk, ensuring that controls are operated effectively, and offer research and analytical support
  • Drive risk-related initiatives under EU (DORA) and UK requirements on Operational Resilience including maintaining appropriate third-party risk management protocols, incident management, and business continuity plans
  • Produce and maintain relevant policies, procedures and records
  • Contribute to broader work carried out by the teams to continually enhance risk controls
  • Creating risk awareness across Plum by helping the teams to understand the risks associated with their operations and by developing and delivering risk training
What we offer:
  • Own part of the company you're helping grow through stock options
  • Private health insurance
  • Annual training budget
  • Plum Premium for free
  • Competitive referral scheme
  • Flexible approach to remote working: we encourage at least 2 days a week in one of our beautiful offices in London, Athens or Cyprus
  • Team breakfasts and team lunches
  • 25 days holiday + bank holidays
  • 45 work-from-anywhere days to give you flexibility to work your way
  • 2 weeks sabbatical after 4 years to take the break you deserve
Employment Type:
Fulltime

Senior Project Manager - DORA/Security

Hays has partnered with a global telecoms firm to appoint an experienced Project...
Location:
United Kingdom, London
Salary:
Not provided
Social Value Portal Ltd
Expiration Date:
Until further notice
Requirements:
  • Lead the end-to-end delivery of the organisation's DORA compliance programme
  • Coordinate cross-functional teams (IT, Security, Risk, Legal, Operations, Procurement) to implement DORA-aligned processes, controls, and governance frameworks
  • Drive the assessment and remediation of ICT risk management, third-party supplier oversight, operational resilience testing, and incident reporting frameworks
  • Experience in ISO regulatory implementations
  • Understanding of the Telecoms Security Act (TSA)
  • Previous experience within telecoms organisations
Job Responsibility:
  • Lead the end-to-end delivery of the organisation's DORA compliance programme
  • Guide the organisation and build out an effective roadmap to achieve compliance
  • Coordinate cross-functional teams (IT, Security, Risk, Legal, Operations, Procurement) to implement DORA-aligned processes, controls, and governance frameworks
  • Drive the assessment and remediation of ICT risk management, third-party supplier oversight, operational resilience testing, and incident reporting frameworks
Employment Type:
Fulltime

Senior Manager of Crypto Operations, Risk

Join us in building the future of finance. Our mission is to democratize finance...
Location:
United Kingdom, London
Salary:
Not provided
Robinhood
Expiration Date:
Until further notice
Requirements:
  • 7+ years of progressive experience in risk management within crypto, fintech, broker-dealer, payments, or adjacent financial services
  • 3+ years leading teams or owning risk programs
  • Deep understanding of crypto products and infrastructure (e.g., trading, custody, staking, on-chain transfers, wallets, keys, chain analytics) and associated operational, technology, market, liquidity, and financial crime risks
  • Demonstrated track record building and scaling risk management programs, KRIs/metrics, and governance in fast-paced, regulated environments
  • Hands-on experience with end-to-end risk assessment lifecycles, issue/incident management, and enterprise resilience (BIA/BCP/DRP)
  • Direct exposure to regulatory frameworks and expectations across multiple jurisdictions (e.g., NYDFS/BitLicense, state MSB oversight, OFAC/FinCEN, MiCA, DORA), and experience working with auditors/regulators
  • Comfortable engaging with data analytics and tools (e.g., Looker, Superset) to build dashboards and narratives
  • Exceptional communication, executive presence, and stakeholder management. Ability to influence decisions, communicate clearly, and drive outcomes across Product, Engineering, Compliance, Security, Legal, and Operations
  • Bachelor’s degree or equivalent experience required
Job Responsibility:
  • Risk strategy and governance: Define and mature the crypto risk management strategy and operating model. Establish and refine risk policies, standards, and procedures. Run governance and committee reporting for risk management
  • Risk appetite and metrics: Own the Risk Appetite Statements for Crypto entities and implement a comprehensive KRI framework with thresholds, alerts, and escalation paths
  • Enterprise and product risk assessments: Lead RCSAs, Enterprise Risk Assessments, and Product/Change Risk Assessments (i.e. new feature launches like staking, and significant process/technology changes). Coordinate sufficient approvals and control implementation pre-launch
  • Issue, incident, and control management: Oversee issues and remediation plans end-to-end; run post-incident reviews with root-cause analysis and durable corrective actions; partner with first-line owners and Internal Audit on control design, testing, and continuous monitoring
  • Analytics and reporting: Build executive-ready dashboards and monthly/quarterly risk reports in collaboration with data teams (e.g., Superset, Looker); deliver crisp insights, trends, and calls to action to crypto and enterprise leadership; prepare materials for Board/committee updates as needed
  • Regulatory and audit interface: Serve as a primary risk counterpart for regulatory examinations and supervisory touchpoints (e.g., NYDFS/BitLicense, state regulators, and MiCA/DORA)

Senior Manager of Crypto Operations, Risk

Join us in building the future of finance. Our mission is to democratize finance...
Location:
United States, Menlo Park; New York
Salary:
183000.00 - 215000.00 USD / Year
Robinhood
Expiration Date:
Until further notice
Requirements:
  • 7+ years of progressive experience in risk management within crypto, fintech, broker-dealer, payments, or adjacent financial services
  • 3+ years leading teams or owning risk programs
  • Deep understanding of crypto products and infrastructure (e.g., trading, custody, staking, on-chain transfers, wallets, keys, chain analytics) and associated operational, technology, market, liquidity, and financial crime risks
  • Demonstrated track record building and scaling risk management programs, KRIs/metrics, and governance in fast-paced, regulated environments
  • Hands-on experience with end-to-end risk assessment lifecycles, issue/incident management, and enterprise resilience (BIA/BCP/DRP)
  • Direct exposure to regulatory frameworks and expectations across multiple jurisdictions (e.g., NYDFS/BitLicense, state MSB oversight, OFAC/FinCEN, MiCA, DORA), and experience working with auditors/regulators
  • Comfortable engaging with data analytics and tools (e.g., Looker, Superset) to build dashboards and narratives
  • Exceptional communication, executive presence, and stakeholder management. Ability to influence decisions, communicate clearly, and drive outcomes across Product, Engineering, Compliance, Security, Legal, and Operations
  • Bachelor’s degree or equivalent experience required
Job Responsibility:
  • Risk strategy and governance: Define and mature the crypto risk management strategy and operating model. Establish and refine risk policies, standards, and procedures. Run governance and committee reporting for risk management
  • Risk appetite and metrics: Own the Risk Appetite Statements for Crypto entities and implement a comprehensive KRI framework with thresholds, alerts, and escalation paths
  • Enterprise and product risk assessments: Lead RCSAs, Enterprise Risk Assessments, and Product/Change Risk Assessments (i.e. new feature launches like staking, and significant process/technology changes). Coordinate sufficient approvals and control implementation pre-launch
  • Issue, incident, and control management: Oversee issues and remediation plans end-to-end; run post-incident reviews with root-cause analysis and durable corrective actions; partner with first-line owners and Internal Audit on control design, testing, and continuous monitoring
  • Analytics and reporting: Build executive-ready dashboards and monthly/quarterly risk reports in collaboration with data teams (e.g., Superset, Looker); deliver crisp insights, trends, and calls to action to crypto and enterprise leadership; prepare materials for Board/committee updates as needed
  • Regulatory and audit interface: Serve as a primary risk counterpart for regulatory examinations and supervisory touchpoints (e.g., NYDFS/BitLicense, state regulators, and MiCA/DORA)
What we offer:
  • Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet — a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
Employment Type:
Fulltime

Crisis & Incident Management Lead – Operational Resilience - Vice President

The VP, Crisis & Incident Management Lead is responsible for the strategic leade...
Location:
United States Of America, NEW YORK
Salary:
150000.00 - 180000.00 USD / Year
Crédit Agricole
Expiration Date:
Until further notice
Requirements:
  • Bachelor’s degree in Risk Management, Information Technology, Business Continuity, or a related field
  • Minimum 10+ years of experience in crisis/incident management, operational resilience, or business continuity
  • Experience leading cross-border incident response and regulatory engagement
  • Proficiency in English (both written and verbal)
  • Incident Management: Ability to analyze, prioritize, and manage incidents effectively. Cross-functional command and coordination
  • Strategic Thinking: Ability to align crisis and incident management initiatives with business objectives and regulatory requirements
  • Communication & Documentation: Ensure thorough documentation and clear communications over crisis and incident management activities
  • Leadership & Team Management: Proven track record of building and leading high performing teams. Strong project management skills. Ability to thrive in fast-paced, high-stakes environment
  • Regulatory Compliance: Expertise in navigating banking regulations and audit readiness. Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and OCC
  • Crisis Leadership: Demonstrated ability to lead complex incident response efforts across business, technology, cyber, and third-party domains
Job Responsibility:
  • Develop and lead a crisis and incident management strategy aligned to the bank’s operational resilience framework and key business services
  • Translate regulatory expectations (e.g., FFIEC, DORA, OCC, PRA) into actionable, risk-informed response strategies
  • Establish and manage governance forums and escalation protocols for crisis and incident oversight
  • Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders
  • Act as the lead coordinator during regional crises, ensuring structured, timely, and effective command, control, and communications
  • Maintain and continuously improve incident response plans, escalation playbooks, crisis decision trees, and communication protocols
  • Ensure that major incidents—including those involving third parties and cyber events—are managed in line with regulatory requirements
  • Integrate internal communications tools and channels into a unified communications strategy
  • Maintain and operate an auditable major incident log, with clear decision documentation, timelines, and actions taken
  • Drive optimization of incident response processes using data analytics, metrics and automation opportunities
Employment Type:
Fulltime

Digital Resilience Lead Analyst

The Digital Resilience Lead Analyst is a strategic professional who develops and...
Location:
Hungary, Budapest
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 8+ years in Risk Management and Resilience roles
  • Digital Resilience acumen is beneficial
  • Experience with complex program implementations, risk and/or relationship management
  • Knowledge of Citi business operations and technology
  • Ability to manage projects, expectations and maintain key relationships
  • Familiarity with the emerging regulatory environment as it relates to Resiliency risk management
  • Advanced project management, data analysis and reporting ability, with a good understanding of supporting technologies (applications, reporting tools, and data presentation)
  • Excellent verbal and written communication skills in English
  • Bachelor’s/University degree, Master’s degree preferred
Job Responsibility:
  • Develop and maintain a firm-wide Digital Resilience Strategy to mitigate IT risk, cyber risk, and third-party and data risk in situations of severe disruption
  • Manage implementation and maintenance of solutions for multiple functional areas within Digital Resilience
  • Be a Subject matter expert in Digital Resilience, assess Resiliency risks in a digital bank
  • Define, implement, and apply area-wide Resiliency policies and standards by leveraging knowledge of globally accepted information security and/or Continuity of Business principles
  • Identify and utilize global risk management tools
  • Manage all related Digital Resiliency deliverables such as: Critical Business Services (CBS) Impact Analysis, Recovery Plans, Crisis Management plans, Table Top Exercises
  • Can exercise independence of judgement and autonomy
  • Act as SME to senior stakeholders and/or other team members
What we offer:
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work-life balance
  • Career progression opportunities across geographies and business lines
Employment Type:
Fulltime