img
نوع العقددوام كامل
طبيعة الوظيفةبالموقع
الموقعالرياض

وصف الوظيفة

About Tabby

Tabby (تابي) is a leading financial technology company operating in Riyadh (الرياض). We are seeking a Risk Manager to join our full-time team.

The Role

In the Buy Now, Pay Later (BNPL) business, operations rely on a complex chain of third-party vendors for critical services such as identity checks, credit underwriting data, payment processing, and collections. Failures in any part of this chain directly impact customer experience and regulatory compliance. The Risk Manager will own Tabby's third-party risk program end-to-end, ensuring that vendor failures are prevented from becoming customer failures and providing clear insights to leadership regarding vendor-related risks.

Key Responsibilities

The Risk Manager will oversee all aspects of vendor risk management, from initial engagement to offboarding. Key responsibilities include:

Vendor Due Diligence and Onboarding

  • Conduct comprehensive due diligence on new vendors before contract signing, covering financial health, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
  • Assign clear risk ratings to prospective vendors, specifying conditions rather than a simple pass or fail, across areas such as KYC, identity verification, fraud detection, credit bureau, payment processing, card issuing, banking, and collections partners.
  • Collaborate with Legal and Procurement during the contracting process to secure critical terms, including audit rights, breach notification windows, data localization commitments, exit assistance clauses, and service level agreements (SLAs) tied to penalties.

Ongoing Risk Assessment and Monitoring

  • Manage vendor risk assessments for the active third-party portfolio, prioritizing critical and high-risk vendors for annual deep-dive reviews.
  • Develop and implement tiered monitoring cadences, such as quarterly for critical vendors (*, KYC, payment processing, banking partners) and annually for others, to track control drift, subprocessor changes, and adverse media.
  • Maintain the concentration risk and critical-vendor register, providing clear explanations for single points of failure and outlining robust contingency plans.

Cross-Functional Collaboration and Vendor Exit

  • Engage with Product teams during the evaluation phase of new vendor integrations, prior to contract finalization.
  • Prepare vendor risk reports for the Risk Committee and Board, translating control gaps and incident trends into actionable decisions for leadership.
  • Manage the offboarding process for exited vendors, ensuring data deletion, access revocation, and continuity for customer-facing services.
  • Verify and document that all regulatory and contractual exit obligations are met, especially for vendors classified as critical or important.

Required Experience

Candidates should possess 5-10 years of experience in risk management, with a significant focus on third-party or vendor risk within the financial services or fintech industry. The ability to articulate complex risk scenarios and strategic solutions to senior stakeholders is essential for this role.


متطلبات الوظيفة

  • تتطلب ٥-١٠ سنوات خبرة

وظائف مشابهة