Group Third Party Risk Manager (all genders)
- City Vienna
- Seniority experienced
- Working mode on-site
- Position Type full-time
- Gender all genders
- Start date asap
- VIG IT Digital Solutions GmbH
- Active Step Inform
- Apply
- Get to know
- Take off
Your Tasks
As Group Third Party Risk Manager (m/f/d), you will coordinate and support the operational implementation of the Group-wide Third Party Risk Management (TPRM) framework. You will ensure that risks arising from relationships with third-party service providers are identified, assessed, documented, and monitored in accordance with consistent Group-wide standards.
In this role, you will work closely with local Group entities as well as Procurement, Legal, Compliance, Information Security, Data Protection, Operational Risk, and Internal Audit. You will coordinate Group-wide third-party risk assessments, support compliance with regulatory requirements—particularly those related to the Digital Operational Resilience Act (DORA)—and contribute to the consistent implementation of TPRM processes across the organization.
Third Party Risk Management
- Coordinate and perform Third Party Risk Assessments for critical and important third-party service providers.
- Manage the third-party risk management process throughout the entire vendor lifecycle—from onboarding risk assessments and periodic reassessments to the termination of business relationships.
- Conduct and document risk-based due diligence reviews and validate assessment results.
- Ensure the timely completion of risk assessments, periodic reviews, and control activities.
- Track identified risks, audit findings, and agreed remediation actions through to completion.
- Maintain and ensure the quality of Group-wide TPRM documentation, registers, and relevant data repositories.
- Coordinate with local Group entities on operational Third Party Risk Management matters.
Regulatory Compliance & DORA
- Implement regulatory requirements related to Third Party Risk Management, with a particular focus on the Digital Operational Resilience Act (DORA) and other applicable outsourcing and third-party risk regulations.
- Perform regulatory risk assessments and ensure appropriate documentation of results.
- Coordinate the preparation of evidence and documentation required for internal and external audits as well as regulatory inspections.
- Conduct gap analyses and monitor the implementation of regulatory remediation measures.
- Monitor regulatory developments and support the implementation of necessary changes to operational TPRM processes.
Collaboration & Reporting
- Collaborate closely with Procurement, Legal, Compliance, Information Security, Data Protection, Operational Risk Management, Business Continuity Management, and local Group entities.
- Coordinate information exchange among stakeholders throughout the third-party risk management process.
- Support the preparation of regular management reports, key risk indicators (KRIs), metrics, and status updates.
- Assist in preparing decision-making materials for governance bodies, management, and risk committees.
- Contribute to Group-wide initiatives aimed at enhancing Third Party Risk Management and Operational Resilience.
Process & Quality Management
- Support the continuous improvement of operational TPRM processes, methodologies, and workflows in collaboration with relevant stakeholders.
- Perform quality assurance activities to ensure the consistent application of TPRM processes across the Group.
- Contribute to the development and maintenance of process documentation, work instructions, and standard templates.
- Support the implementation and optimization of TPRM and Governance, Risk & Compliance (GRC) systems.
- Deliver training sessions and awareness initiatives on TPRM processes and regulatory requirements.
Your Profile
Requirements
- Bachelor's or Master's degree in Business Administration, Law, Business Law, Risk Management, or a related field.
- Professional experience in Third Party Risk Management, Operational Risk Management, Outsourcing Management, Internal Audit, Compliance, or Legal, ideally within the insurance or financial services sector.
- Experience conducting risk assessments, audits, due diligence reviews, or regulatory assessments.
- Strong knowledge of financial sector regulations, particularly DORA, Solvency II, EIOPA Outsourcing Guidelines, as well as relevant data protection and outsourcing requirements.
- Strong analytical skills with a structured, proactive, and independent working style.
- Excellent communication and stakeholder coordination skills, with the ability to work effectively in an international corporate environment.
- Fluency in both German and English, written and spoken.
Preferred Qualifications
- Professional experience within an international insurance group or financial institution.
- Background in Internal or External Audit, Risk Management, Compliance, or Business Law.
- Knowledge of Information Security, Data Protection, or Business Continuity Management.
- Experience with GRC or TPRM platforms such as ServiceNow, RSA Archer, OneTrust, or comparable solutions.
- Professional certifications such as CRISC, CISA, CIA, or equivalent qualifications are considered an advantage.
Your benefits
Benefits may vary between VIG companies
- Hybrid work
- Flexitime model
- 37.5 hours per week
- Home office starter package
- Additional days off (e.g., for new additions to the family, Social Active Day, training days)
- Attractive, competitive salary
- Discounted insurance products
- Discounted products at Erste Bank as well as free debit and credit cards
- Numerous partnerships in retail, tourism, gastronomy and elsewhere
- Detailed onboarding for new arrivals with Welcome Day and induction programmes
- Individual talent toolset (VIG competence model) for planning personal and professional development
- Regular VIG talks for dialogue between managers and employees
- Career for experts as an alternative to management careers
- Coaching for managers, experts and expats
- Training, seminars and e-learning courses for professional and personal development
- Group-wide training with competent and international cooperation partners
- Language courses
- Extensive range of sports and fitness courses from an external training provider throughout Austria (live or virtual)
-
Running events such as Vienna City Marathon
-
Sustainably produced VIG sports shirts
-
Anonymous and free advice from an external employee assistance programme for employees and relatives, including a well-being platform with videos, articles and podcasts, etc.
-
Our own outpatient service with medical advice, physiotherapy and massage service
- Creche, nursery and day care at two locations near the head office
- Childbirth allowance, child allowance and a gift for the newborn
- Dad/family week offers additional days off for new family members
- Services for employees on parental leave, such as parental coaching
- Information for families on childcare or caring for relatives
- We support paternity leave and part-time management
- (Virtual) events for employees offer regular updates from Human Resources or the company
- VIG Get-Together as a virtual year-end event
- Social Active Day – one day off per year for charitable work
- Access to events and exhibitions, such as architecture at Ringturm
- Good accessibility by public transport and via bicycle paths
- Lockable bicycle storage room
- Showers
- Canteen with breakfast and lunch at reduced prices
- Air-conditioned offices with sustainable district heating or cooling
- Hybrid work equipment
- Advice on the ergonomic design of the workplace by occupational physicians
- Height-adjustable desks in modern offices
- Pleasant ambience thanks to works of art and plants
- Accessibility in most buildings
- Recycling in offices, photovoltaic systems with solar power
- VIG talent toolset competency model as the basis for HR work
- Our "Principles of Collaboration" and a "Guide to Inclusive Language" as a framework for communication
- Diversity management for individual development
- Diversity officer for the implementation of the diversity strategy
- Employee resource group "all colours" for the exchange and networking of employees of the Austrian Group companies on LGBTIAQ+ issues
- Interdepartmental and group-wide projects enable mutual exchange and learning from one another
- We see it as our responsibility to protect the values that matter to our customers
Our mission
The annual gross salary (full-time) for the position is at least EUR 56.224,00. Do you have extensive experience and expertise? If so, we're happy to offer a salary above this amount in recognition of your qualifications.
This full-time position is to be filled as soon as possible.
Keyfacts
- No. 1 in Central and Eastern Europe
- More than 50 insurance companies and pension funds
- Operating in 30 countries
- Around 34,000 employees
- Around 36 million customers
- VIG share listed on the Vienna, Prague and Budapest stock exchanges
- Standard & Poor’s rating: A+ with positive outlook
We stand for diversity and respect, which is why we see it as enriching to employ people from different backgrounds, ages, genders, sexual orientations, religions and abilities. Become part of the diverse team at VIG IT Digital Solutions GmbH, a proud member of Vienna Insurance Group!