img
نوع العقددوام كامل
طبيعة الوظيفةبالموقع
الموقعالرياض

وصف الوظيفة

About Tabby and the Role

Tabby | تابي is seeking a Risk Manager to join our team in Riyadh. This full-time position is integral to managing the complex vendor ecosystem inherent in Buy Now Pay Later (BNPL) businesses. The role involves overseeing the entire third-party risk program, from initial due diligence through to vendor offboarding, ensuring operational stability and compliance within a dynamic fintech environment.

Role Purpose and Scope

As the Vendor Risk Manager, you will be responsible for identifying, assessing, and mitigating risks associated with our diverse network of third-party vendors, including KYC providers, credit bureaus, payment processors, and collections agencies. Your primary objective will be to provide clear, concise risk assessments to leadership, pinpointing high-risk vendors and implementing controls to prevent vendor failures from impacting our customers or leading to regulatory issues.

Key Responsibilities

  • Conduct comprehensive due diligence on new vendors prior to contract signing, including financial health checks, SOC 2 / ISO 27001 reviews, breach history analysis, and subprocessor mapping.
  • Issue clear risk ratings for prospective vendors, applying specific conditions rather than simple pass/fail assessments, covering partners in KYC, identity verification, fraud detection, credit bureau, payment processing, card issuing, banking, and collections.
  • Collaborate with Legal and Procurement during the contracting process to secure critical terms such as audit rights, breach notification windows, data localization commitments, exit assistance clauses, and SLAs tied to penalties.
  • Manage vendor risk assessments across the active third-party portfolio, prioritizing critical and high-risk vendors for annual deep-dive reviews.
  • Establish and execute tiered monitoring cadences—quarterly for critical vendors (*, KYC, payment processing, banking partners) and annually for others—to track control drift, subprocessor changes, and adverse media.
  • Maintain the concentration risk and critical-vendor register, providing explanations for single points of failure (*, one bureau covering most underwriting volume) and corresponding contingency plans.
  • Partner with Product teams before new vendor integrations go live, participating in the evaluation of new checkout partners or fraud model vendors from the outset.
  • Prepare vendor risk reporting for the Risk Committee and Board, translating control gaps and incident trends into actionable decisions for leadership.
  • Oversee the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity for any customer-facing services.
  • Ensure all regulatory and contractual exit obligations are met and documented, particularly for vendors classified as critical or important.

Qualifications and Experience

  • A minimum of 5 to 10 years of experience in risk management, with a strong focus on third-party or vendor risk within a regulated environment.
  • Demonstrated ability to conduct thorough due diligence, risk assessments, and ongoing monitoring of vendors.
  • Experience with contractual negotiations and understanding of critical terms related to vendor agreements.
  • Strong analytical skills to identify and assess concentration risks and single points of failure.
  • Excellent communication skills for reporting to leadership and collaborating with cross-functional teams.

Work Environment

This is a full-time position based in our Riyadh office, requiring a proactive approach to managing vendor relationships and risk within a dynamic fintech environment.

Application Process

Candidates who meet the qualifications are encouraged to apply.


متطلبات الوظيفة

  • تتطلب ٥-١٠ سنوات خبرة

وظائف مشابهة