Hiring.Camp

Risk Manager

Tabby

·

6 days ago

Location
KSA
Type
Full-time
Department
Finance
Seniority
Manager
Source
Pinpoint

Description

Risk Manager

Department: Risk Management

Employment Type: Full Time

Location: KSA

Reporting To: Abdullah Alkhattaf



Description

BNPL businesses don't run on a single core system — they run on a chain of vendors: KYC providers doing identity
checks in milliseconds, bureau data feeding underwriting decisions, processors moving money at checkout, and
collections agencies chasing missed payments on our behalf. When any link in that chain fails, it isn't an internal
inconvenience — it's a customer who can't check out, a credit decision made on bad data, or a regulator asking why
a critical service went down with no warning.
As Vendor Risk Manager, you will own our third-party risk program end to end, from the first due diligence
questionnaire to the day a vendor is offboarded. You will be the person who can tell leadership, in plain terms,
which vendors carry the most risk and why, and you will make sure vendor failures never become customer failures.


Key Responsibilities

Due Diligence & Onboarding
  • Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
  • Issue a clear risk rating for every prospective vendor, with conditions attached rather than a simple pass or
    fail, covering KYC, identity verification, fraud detection, credit bureau, payment processing, card issuing,
    banking, and collections partners.
  • Sit inside the contracting process with Legal and Procurement to secure the terms that matter: audit rights,
    breach notification windows, data localization commitments, exit assistance clauses, and SLAs tied to real penalties.
Risk Assessment & Ongoing Monitoring
  • Own vendor risk assessments across our active third-party portfolio, prioritizing critical and high-risk vendors for annual deep-dive reviews.
  • Build and run tiered monitoring cadences — quarterly for critical vendors such as KYC, payment processing, and banking partners, annual for the rest — tracking control drift, subprocessor changes, and
    adverse media.
  • Maintain the concentration risk and critical-vendor register, and be ready to explain single points of failure, such as one bureau covering the majority of underwriting volume, and what the contingency plan actually
    is.
Cross-Functional Partnership
  • Work with Product before new vendor integrations go live — you're in the room when a new checkout partner or fraud model vendor is being evaluated, not brought in after the contract is signed.
    • Prepare vendor risk reporting for the Risk Committee and Board, translating control gaps and incident
    trends into decisions leadership can act on.
Offboarding & Exit Management
  • Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity for anything customer-facing.
  • Ensure regulatory and contractual exit obligations are met and documented, particularly for vendors
    classified as critical or important.


Skills, Knowledge & Expertise

  • 3–4 years in third-party risk management, vendor risk, or operational risk, ideally at a payments company, lender, bank, or fintech where vendor failure has direct customer or regulatory consequences.
  • Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or
    CAIQ — you know how to read a SOC 2 report and spot what's missing, not just file it away.
  • Familiarity with the regulatory landscape vendors sit inside: consumer credit rules, data privacy obligations
    (GDPR/CCPA depending on footprint), PCI-DSS for anything touching card data, and
    outsourcing/operational resilience expectations for critical third parties.
  • Comfort negotiating directly with vendors — you've pushed back on a processor's standard MSA, gotten a
    fraud vendor to commit to a real SLA, and know when “our legal team will follow up” means the deal
    needs to walk.
  • Ability to translate risk findings for people who don't think in risk terms, including explaining to a
    commercial lead why a cheaper KYC vendor isn't worth the onboarding delay it will cause six months later.
  • Strong analytical skills with the ability to interpret vendor performance and control data to support
    operational decisions.
  • Excellent communication and interpersonal skills, with the ability to interact effectively across all levels of
    the organization.
  • Full professional proficiency in English required; Arabic is a plus.
Nice to have:
  • Direct BNPL or consumer credit experience — you've worked with bureau data, alternative credit scoring
  • vendors, or collections agencies specifically.
  • Hands-on experience with a GRC platform such as OneTrust, ProcessUnity, or Archer for assessment
  • workflows and vendor inventory.
  • CTPRP, CRISC, CISA, or CISM certification.

Skills

SOCKYCUnderwritingRisk ManagementProcurementSOC 2GDPRISO 27001

Similar Jobs

30

Risk Manager

CONFIRE · Rialto, CA, CA, US

3 days ago

Risk Manager

Parsons Corporation · SAU Riyadh (King Salman Int'l. Airport - Airfield Assets), Saudi Arabia · Onsite

3 days ago

Risk Manager

Baptist Health Care · Pensacola, FL, United States, US

4 days ago

Risk Manager

UVA Health Prince William Medical Center · Manassas, VA, United States, US · Onsite

4 days ago

Risk Manager

Turner & Townsend · Cardiff, United Kingdom, United Kingdom · Hybrid

4 days ago

Risk Manager

Turner & Townsend · London, United Kingdom, United Kingdom · Hybrid

4 days ago

Risk Manager

Kinetic Advantage LLC · INDIANAPOLIS, IN · Onsite

4 days ago

Risk Manager

County of Mono · Bridgeport / Mammoth Lakes, CA, CA, US

4 days ago

Risk Manager

Parsons Corporation · SAU Diriyah Gate Development Authority (DGDA), Saudi Arabia · Onsite

4 days ago

Risk Manager

Asmglobal · Pensacola Bay Center, United States of America

5 days ago

Risk Manager

Decimainternational · Dubai, United Arab Emirates

6 days ago

Risk Manager

Acciona · NZL - Eastern Busway Alliance (EBA), New Zealand

6 days ago

Risk Manager

Fiserv is the global leader · Alpharetta, Georgia, United States of America +3 · Onsite

1 week ago

Risk Manager

The Future of Health Starts with You · Work at Home - Florida, USA (WFLA), United States of America +3 · Hybrid

1 week ago

Risk Manager

Decimainternational · Riyadh, Riyadh, Saudi Arabia

1 week ago

Risk Manager

Nokia · Finland · Hybrid

1 week ago

Risk Manager

ASSYSTEM · Glasgow, Scotland, United Kingdom · Hybrid

1 week ago

Risk Manager

KBR Careers · GBR, Plymouth, HMNB Devonport, Devon, United Kingdom

1 week ago

Risk Manager

Cmno · London Cannon Place, United Kingdom · Hybrid

1 week ago

Risk Manager

Slihrms · SA.Riyadh, Saudi Arabia

1 week ago

Risk Manager

Quilter · London - Senator House, United Kingdom

1 week ago

Risk Manager

Accenture · London, 30 Fenchurch Street, United Kingdom

1 week ago

Risk Manager

UVA Health Prince William Medical Center · Manassas, VA, United States, US · Onsite

2 weeks ago

Risk Manager

ASSYSTEM · Glasgow, Scotland, United Kingdom · Hybrid

2 weeks ago

Risk Manager

Invesco · Atlanta, United States of America +1 · Hybrid

2 weeks ago

Risk Manager

Atlantic Health System · Morristown, NJ, United States, US · Onsite

2 weeks ago

Risk Manager

IKG US LLC · Houston, TX

2 weeks ago

Risk Manager

Asmglobal · North Charleston Coliseum, United States of America · Onsite

2 weeks ago

Risk Manager

The Korte Company · St. Louis, Missouri

2 weeks ago

Risk Manager

Remitly is · Dublin, Ireland

2 weeks ago
Risk Manager at Tabby | Hiring.Camp