Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
Thank you. Your report has been submitted and will be reviewed shortly.
https://bayt.page.link/jGEMPKNrfYjYHohZ7
Back to the job results

Risk Manager

Yesterday 2026/11/11 ·Application closes in 118 days
5+ Years of Experience
Other Business Support Services
Create a job alert for similar positions
Job alert turned off. You won’t receive updates for this search anymore.

Job description

BNPL businesses don't run on a single core system — they run on a chain of vendors: KYC providers doing identity
checks in milliseconds, bureau data feeding underwriting decisions, processors moving money at checkout, and
collections agencies chasing missed payments on our behalf. When any link in that chain fails, it isn't an internal
inconvenience — it's a customer who can't check out, a credit decision made on bad data, or a regulator asking why
a critical service went down with no warning.
As Vendor Risk Manager, you will own our third-party risk program end to end, from the first due diligence
questionnaire to the day a vendor is offboarded. You will be the person who can tell leadership, in plain terms,
which vendors carry the most risk and why, and you will make sure vendor failures never become customer failures.

Key Responsibilities
Due Diligence & Onboarding
  • Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
  • Issue a clear risk rating for every prospective vendor, with conditions attached rather than a simple pass or
    fail, covering KYC, identity verification, fraud detection, credit bureau, payment processing, card issuing,
    banking, and collections partners.
  • Sit inside the contracting process with Legal and Procurement to secure the terms that matter: audit rights,
    breach notification windows, data localization commitments, exit assistance clauses, and SLAs tied to real penalties.
Risk Assessment & Ongoing Monitoring
  • Own vendor risk assessments across our active third-party portfolio, prioritizing critical and high-risk vendors for annual deep-dive reviews.
  • Build and run tiered monitoring cadences — quarterly for critical vendors such as KYC, payment processing, and banking partners, annual for the rest — tracking control drift, subprocessor changes, and
    adverse media.
  • Maintain the concentration risk and critical-vendor register, and be ready to explain single points of failure, such as one bureau covering the majority of underwriting volume, and what the contingency plan actually
    is.
Cross-Functional Partnership
  • Work with Product before new vendor integrations go live — you're in the room when a new checkout partner or fraud model vendor is being evaluated, not brought in after the contract is signed.
    • Prepare vendor risk reporting for the Risk Committee and Board, translating control gaps and incident
    trends into decisions leadership can act on.
Offboarding & Exit Management
  • Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity for anything customer-facing.
  • Ensure regulatory and contractual exit obligations are met and documented, particularly for vendors
    classified as critical or important.

Skills, Knowledge & Expertise
  • 3–4 years in third-party risk management, vendor risk, or operational risk, ideally at a payments company, lender, bank, or fintech where vendor failure has direct customer or regulatory consequences.
  • Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or
    CAIQ — you know how to read a SOC 2 report and spot what's missing, not just file it away.
  • Familiarity with the regulatory landscape vendors sit inside: consumer credit rules, data privacy obligations
    (GDPR/CCPA depending on footprint), PCI-DSS for anything touching card data, and
    outsourcing/operational resilience expectations for critical third parties.
  • Comfort negotiating directly with vendors — you've pushed back on a processor's standard MSA, gotten a
    fraud vendor to commit to a real SLA, and know when “our legal team will follow up” means the deal
    needs to walk.
  • Ability to translate risk findings for people who don't think in risk terms, including explaining to a
    commercial lead why a cheaper KYC vendor isn't worth the onboarding delay it will cause six months later.
  • Strong analytical skills with the ability to interpret vendor performance and control data to support
    operational decisions.
  • Excellent communication and interpersonal skills, with the ability to interact effectively across all levels of
    the organization.
  • Full professional proficiency in English required; Arabic is a plus.
Nice to have:
  • Direct BNPL or consumer credit experience — you've worked with bureau data, alternative credit scoring
  • vendors, or collections agencies specifically.
  • Hands-on experience with a GRC platform such as OneTrust, ProcessUnity, or Archer for assessment
  • workflows and vendor inventory.
  • CTPRP, CRISC, CISA, or CISM certification.
This job post has been translated by AI and may contain minor differences or errors.

Preferred candidate

Years of experience
5+ years
Degree
Bachelor's degree / higher diploma
You’ve reached the maximum limit of 15 job alerts. To create a new alert, please delete an existing one first.
Job alert created for this search. You’ll receive updates when new jobs match.
Are you sure you want to unapply?

You'll no longer be considered for this role and your application will be removed from the employer's inbox.