Job Details

Job Description

Roles & Responsibilities

BNPL businesses don't run on a single core system they run on a chain of vendors: KYC providers doing identity checks in milliseconds, bureau data feeding underwriting decisions, processors moving money at checkout, and collections agencies chasing missed payments on our behalf. When any link in that chain fails, it isn't an internal inconvenience it's a customer who can't check out, a credit decision made on bad data, or a regulator asking why a critical service went down with no warning. As Vendor Risk Manager, you will own our third-party risk program end to end, from the first due diligence questionnaire to the day a vendor is offboarded. You will be the person who can tell leadership, in plain terms, which vendors carry the most risk and why, and you will make sure vendor failures never become customer failures.

Due Diligence & Onboarding

  • Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
  • Issue a clear risk rating for every prospective vendor, with conditions attached rather than a simple pass or fail, covering KYC, identity verification, fraud detection, credit bureau, payment processing, card issuing, banking, and collections partners.
  • Sit inside the contracting process with Legal and Procurement to secure the terms that matter: audit rights, breach notification windows, data localization commitments, exit assistance clauses, and SLAs tied to real penalties.

Risk Assessment & Ongoing Monitoring

  • Own vendor risk assessments across our active third-party portfolio, prioritizing critical and high-risk vendors for annual deep-dive reviews.
  • Build and run tiered monitoring cadences quarterly for critical vendors such as KYC, payment processing, and banking partners, annual for the rest tracking control drift, subprocessor changes, and adverse media.
  • Maintain the concentration risk and critical-vendor register, and be ready to explain single points of failure, such as one bureau covering the majority of underwriting volume, and what the contingency plan actually is.

Cross-Functional Partnership

  • Work with Product before new vendor integrations go live you're in the room when a new checkout partner or fraud model vendor is being evaluated, not brought in after the contract is signed.
  • Prepare vendor risk reporting for the Risk Committee and Board, translating control gaps and incident trends into decisions leadership can act on.

Offboarding & Exit Management

  • Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity for anything customer-facing.
  • Ensure regulatory and contractual exit obligations are met and documented, particularly for vendors classified as critical or important.

Desired Candidate Profile

3 4 years in third-party risk management, vendor risk, or operational risk, ideally at a payments company, lender, bank, or fintech where vendor failure has direct customer or regulatory consequences. Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or CAIQ you know how to read a SOC 2 report and spot what's missing, not just file it away. Familiarity with the regulatory landscape vendors sit inside: consumer credit rules, data privacy obligations (GDPR/CCPA depending on footprint), PCI-DSS for anything touching card data, and outsourcing/operational resilience expectations for critical third parties. Comfort negotiating directly with vendors you've pushed back on a processor's standard MSA, gotten a fraud vendor to commit to a real SLA, and know when our legal team will follow up means the deal needs to walk. Ability to translate risk findings for people who don't think in risk terms, including explaining to a commercial lead why a cheaper KYC vendor isn't worth the onboarding delay it will cause six months later. Strong analytical skills with the ability to interpret vendor performance and control data to support operational decisions. Excellent communication and interpersonal skills, with the ability to interact effectively across all levels of the organization. Full professional proficiency in English required; Arabic is a plus.

Nice to have: Direct BNPL or consumer credit experience you've worked with bureau data, alternative credit scoring vendors, or collections agencies specifically. Hands-on experience with a GRC platform such as OneTrust, ProcessUnity, or Archer for assessment workflows and vendor inventory. CTPRP, CRISC, CISA, or CISM certification.

Similar Jobs

About Tabby
Saudi, Saudi Arabia