Job Title: Vendor Risk Manager – AVP

Location: Pune, India

Role Description

Vendor Management is responsible for the service relationship with a vendor on a transactional level and for transactional vendor related support tasks.

Work includes:

• Managing or performing strategic sourcing work to manage risk and optimize the value/resilience of materials/services sourcing including
• Establishing supplier relationship management processes and continuous improvement goals/programs
• Negotiating contracts and coordinating supplier integration plans with internal clients
• Monitoring market dynamics that impact materials/services availability and/or pricing
• Partnering with internal clients to identify sourcing needs, develop buyer/market profiles, identify marketplace trends, and define acceptable service levels

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

Vendor Risk Management (VRM) is the framework/process for identifying and managing the risks arising from working with third-party vendors (internal and external). All vendor relationships and transactions are assessed and those carrying higher inherent risks are subject to a more granular assessment. SO (Service Owner) role is responsible for owning the service and providing comprehensive details, responding to tasks in the VRM process when necessary.

Your role:

• Taking end-to-end ownership of each assigned “Vendor Risk Management” (VRM) Engagement Requests for an engagement as SO.
• Follow-up with Vendors’ point(s) of contact for responding to all Control questions raised during VRM process for an engagement. Escalations to be triggered as required.
• Attending all trainings and workshops defined as “mandatory” by internal Third-Party Risk Management (TPRM) teams.
• Keeping yourself familiarized and updated on all latest Policies and Procedures published by the various Risk Management Functions within Deutsche Bank.
• Keeping yourself familiarized and updated on control requirements of the latest “Security Control for Third Parties” (SCTP 4.0) and explain the same to vendors to ensure that appropriate evidence is shared by the vendors, which satisfy the Control requirement.
• Ensuring appropriate due diligence before Third Party Management (TPM) review initiation and familiarity with Risk Type Controller (RTC) requirements in advance
• Providing comprehensive and transparent details about the owned Engagement Request in the TPM platform in a timely manner
• Ensuring that the data provided about the owned Engagement Request are kept up-to date, in line with the TPM Key Operating Documents
• Performing VRM Process tasks when prompted by TPM and/or RTCs
• Notifying the relevant RTCs whenever gaps are closed, deadlines cannot be met or full mitigation is not possible,
• Remediating gaps identified for the Engagement Request and implementing mitigation plans,
• Reporting gaps by raising Self-Identified Issues (SII) in an engagement and follow-up for closure/mitigation on a timely basis, in line with the remediation plans shared,
• Addressing unmitigated risks/gaps in accordance with the Operational Risk Management Policy, TPRM Policy, TPRM Procedure and TPM Key Operating Documents,
• Ensuring the service does not commence before the VRM review is completed,
• Ensuring that no contract is signed, or service is delivered to any Deutsche Bank Legal Entity for which Compliance deemed the service prohibited,
• Ensuring adherence to contractual obligations by Vendor
• Ensuring compliance to Regulatory guidelines
• Timely submission of accurate data to Regulators.
• Liaising with Divisional Vendor Management Office (DVMO) resources for closing any open points related to the engagement requests,
• Ensuring all strategies and plans eg. Termination Exit Plans, Termination Exit Strategies, etc. related to an engagement are documented, agreed between the relevant stakeholders, and reviewed / updated on defined intervals.
• Ensuring that Monthly, Quarterly Governance meetings with appropriate stakeholders are conducted and the details documented in line with the SDM requirements,
• Ensuring monthly feedback / review is completed for all engagements in scope and the details are documented in the designated portals in line with relevant policies.
• Ensuring annual audits are budgeted, planned, and conducted for the identified vendors and follow-up to ensure all open findings are remediated by vendor.

Your skills and experience

• Excellent skills and experience / technical knowledge in handling data/information security audits in Banking / Financial environments – Minimum 10 years
• Knowledge and experience with handling / responding to controls around IT Security audits, Financial Audits eg. SOX IT (SOC) audits, ISO 27001:2022, PCI-DSS, etc.
• Working with multiple teams to remediate open findings identified during internal / external audits including regulatory audits, IT Security audits, etc.   
• Familiar with security requirements for Banking applications and environments,
• A great team player who is comfortable in working and coordinating with diverse people from both internal as well as vendor teams,
• Excellent communication and mentoring skills,
• Experience with distributed, multi-locations teams,
• Able to inspire and motivate people and multi-disciplinary, self-organized teams,
• Any Certifications in areas of Information Security or Vendor Management is a plus,
• Professional level of English is mandatory.

How we’ll support you

• Training and development to help you excel in your career.
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression.
• A range of flexible benefits that you can tailor to suit your needs.

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.htm

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.