Job Description

Job Title: TPRM (Third-Party Risk Management) Specialist

Location:

Kuala Lumpur, Malaysia

Duration:

14 Months (Contract)

Experience:

8+ Years

:

We are seeking an experienced

TPRM (Third-Party Risk Management) Specialist

to manage and enhance the Technology & Operations (T&O) third-party risk profile. The ideal candidate will be responsible for implementing consistent risk assessment frameworks, establishing governance forums, and ensuring comprehensive lifecycle management of third-party engagements.

Key Responsibilities:

Develop and maintain a

pan-risk type third-party risk profile

for Technology & Operations (T&O). Implement a

consistent RCSA (Risk and Control Self-Assessment) approach

for TPRM across T&O, including defining metrics, CSTs/KCIs, and KRIs for TPR with country-level cascades. Oversee

end-to-end lifecycle management

of T&O third-party contracts, including vendor, non-vendor, and IGA engagements. Ensure

consistent reporting and monitoring

of key controls across domains such as Security, Resilience, Third Party, and Data. Define and maintain a

pan-risk type RACI matrix

to support the TPRM risk profile. Establish, manage, and socialize the

T&O TPR Governance Forum

to enhance oversight of T&O's third-party risk posture. Prepare and present

TPRM risk reports

to relevant governance forums (e.g., GTPRMC, T&O NFRC), including exceptions and control breach reporting.

Required Skills & Experience:

Minimum

8 years of experience

in

Risk Management, Third-Party Risk, or Operational Risk

within the

Banking, Financial Services, or Technology

domains. Strong understanding of

RCSA frameworks, TPRM lifecycle management

, and

risk metrics (KRIs, KCIs, CSTs)

. Experience with

regulatory and governance frameworks

related to risk management. Excellent analytical, documentation, and stakeholder management skills. Proven ability to drive governance initiatives and cross-functional collaboration across risk, compliance, and technology teams.

Preferred Qualifications:

Professional certifications such as

CRISC, CTPRP, CISA, or ISO 27001 Lead Implementer

are advantageous. Familiarity with

GRC tools

and

enterprise risk management systems

. Experience working in a

global or regional banking environment

.
Job Type: Contract
Contract length: 14 months

Pay: RM12,000.00 - RM130,000.00 per month