VP, Third-Party Risk Management, Corporate Infrastructure Services Department

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 offices around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

The Corporate Infrastructure Services Department (CISD) at GIC focuses on maintaining a best-in-class workplace environment that enables employees to perform at their highest potential.

Within CISD, the Enterprise Sourcing & Procurement (ESP) team provides strategic procurement and sourcing support, ensuring compliance with internal and external requirements, value optimization, and quality assurance across all organizational activities.

The Third-Party Risk Management function sits within ESP and is a critical component of managing all risks (including, but not limited to, operational, financial, regulatory, and reputational) associated with external vendors and service providers.   Its primary purpose is to ensure that third-party relationships align with the organization's objectives, meet regulatory requirements, mitigate risks, and support operational resilience.

What impact can you make in this role?

The VP - Third-Party Risk Management will take a leadership role in implementing and maintaining an effective third-party risk and due diligence program. The successful candidate will lead efforts to assess, monitor, and mitigate risks associated with the organization's external vendors and service providers, ensuring compliance with regulatory requirements and alignment with organizational objectives. This individual will collaborate with cross-functional teams to establish robust governance to safeguard the organization's operations and reputation.

 What will you do as a Vice President?

1. Third-Party Risk Management and Governance:
   1. Define and lead the strategic direction of the organization’s third-party risk management framework, policies, and governance structures.
   2. Track and manage remediation of identified vendor issues, control gaps, or audit findings.
   3.  Act as the subject matter expert and key advisor to senior executives and risk committees on third-party risk exposure, emerging trends, and regulatory development
   4. Stay updated on regulatory developments in third-party risk and ensure compliance.

2. Vendor Due Diligence and Risk Assessment:
   1. Oversee the design and execution of comprehensive risk assessments for critical vendors and service providers, ensuring a risk-based and proportionate approach.
   2. Partner with stakeholders (e.g., Procurement, Legal, Compliance, and other risk teams) to support the identification, evaluation, and mitigation of risks associated with operational, financial, compliance, reputational, cyber security, and data privacy aspects of third-party relationships.
   3. Provide strategic guidance on contractual risk provisions, service-level agreements (SLAs), and exit strategies to safeguard the organization’s interests.
   4. . Ensure due diligence processes are robust, efficient, and aligned with regulatory expectations and internal risk appetite

3. Ongoing Monitoring
   1. Conduct ongoing monitoring of third-party performance and compliance.
   2. Maintain an inventory of third-party relationships and conduct periodic reviews to assess ongoing risk levels.
   3. Present periodic risk dashboards and insights to senior management and relevant committees, highlighting key trends, emerging risks, and mitigation actions.

4. Collaboration and Stakeholder Management:
   1. Work closely with internal business units to ensure a comprehensive understanding of third-party dependencies and potential risks.
   2. Represent the TPRM function in cross-functional risk forums and external regulatory or industry engagements
   3. Lead communication and training initiatives to enhance organizational awareness and capability in managing third-party risks

5. Continuous Improvements:
   1. Drive the adoption of technology, data analytics, and automation to enhance the efficiency and effectiveness of the TPRM program
   2. Leverage technology and data solutions such as TPRM platforms or data feeds for more effective due diligence and ongoing monitoring.

What qualifications or skills should you possess in this role?

• Educational Requirements:
  • Bachelor’s degree in Risk Management, Finance, Business Administration, Law, or a related field.

• Professional Experience:
  • At least 10 years of experience in third-party/vendor risk management, operational risk, compliance, or procurement roles.
  • Proven track record of managing third-party risk environments in a leadership capacity, preferably in the financial services, technology, or consulting industries.

• Skills and Competencies:
  • Strong knowledge of third-party risk management frameworks, processes, and best practices.
  • Familiarity with key regulatory compliance standards (e.g., MAS Outsourcing Guidelines,  GDPR, FCPA, AML/KYC, ISO 27001).
  • Analytical mindset with the ability to identify, assess, and mitigate potential risks.
  • Exceptional communication, negotiation, and interpersonal skills for engaging with internal and external stakeholders.
  • Hands-on experience with third-party risk management platforms (e.g., Coupa, RSA Archer, ServiceNow).
  • Ability to work effectively in a fast-paced and complex risk environment.
  • Knowledge of Operational Resilience management is a plus.

• Key Competencies:
  • Leadership and strategic thinking.
  • Problem-solving and analytical skills to address complex third-party risk challenges.
  • Strong collaboration and team management abilities.
  • Excellent attention to detail and alignment with corporate goals.

Work at the Point of Impact

We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC

At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer

GIC is an equal opportunity employer, and we value diversity. We do not discriminate based on race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Please email grphrodtaops@gic.com.sg at any point of the application or interview process if adjustments need to be made due to a disability.

Learn More

Learn more about our Corporate Infrastructure Services Department here: https://gic.careers/departments/corporate-infrastructure-services-department/