About the Role:

We are seeking an experienced IT Vendor Risk Management Analyst to join our Governance, Risk & Compliance (GRC) team as part of a broader transformation initiative. This role focuses exclusively on managing third-party and vendor risk from an IT risk management standpoint.

You will be responsible for ensuring that vendors providing IT services meet the organisation's risk, governance, and regulatory standards-particularly those outlined by the Monetary Authority of Singapore (MAS). You will assess whether the vendors' solutions, operations, and practices align with enterprise risk tolerance and regulatory requirements.

Key Responsibilities:

• Perform IT risk assessments for all third-party vendors, especially during onboarding, renewal, or major service changes.
• Review vendors' internal controls, system architecture, access management, and operational resilience capabilities from an IT risk perspective.
• Ensure vendors comply with MAS Technology Risk Management (TRM) Guidelines and other applicable frameworks and internal policies.
• Manage a large vendor portfolio, conducting risk classification and prioritization across more than 100 vendors.
• Maintain and update the vendor risk register, track outstanding issues and ensure timely remediation.
• Work closely with Legal, Procurement, IT, Compliance, and Business stakeholders to ensure appropriate vendor governance.
• Prepare reports for internal stakeholders, including risk owners and senior management, regarding vendor performance and risk posture.
• Support internal audits and regulatory reviews relating to third-party risk management.
• Continuously improve third-party risk assessment frameworks, templates, and procedures.

Requirements:

• Minimum 4 years of relevant experience in IT risk management or third-party/vendor risk governance, preferably within financial services.
• Strong familiarity with MAS TRM, outsourcing guidelines, and other financial regulatory standards.
• Experience managing high volumes of vendor engagements in a structured and auditable process.
• Excellent analytical, documentation, and stakeholder management skills.
• Familiarity with risk scoring methodologies, vendor due diligence processes, and contract risk review practices.
• Bachelor's degree in Information Systems, Risk Management, Business, or a related field.
• Certifications such as CISA, CRISC, or equivalent are advantageous.

Preferred Backgrounds:

• Prior experience working in a financial institution or a consulting firm supporting FSI clients in IT risk or GRC-related projects.

For more details, kindly write into jessica@amsers-con.com