Head of Third Party & Outsourcing Risk

As an organization we outsource quite a lot of activities and work with many third parties. While this delivers opportunities and efficiencies, it also creates risks that need to be managed. Especially in this day and age where we are more and more digitally connected into a wider eco‑system. At ABN AMRO non‑financial risk management is performed according to the three lines of defence model.The Head of Third Party & Outsourcing Risk is groupwide responsible for all second line of defence activities within the ABN AMRO group related to outsourcing and third party risks. As part of the wider IT & Cyber CRO function you lead the 2nd line activities for these risk types, providing independent and adequate oversight over first line activities in this space, as well as guiding and assisting the first line organization in mitigating the relevant risks that matter. You are also pivotal in setting risk boundaries and managing risk expectations for this risk type to all relevant stakeholders, including management board and regulators.

You do this with independence, authority and the relevant knowledge and competencies. In doing so you will lead a small team of professionals. Furthermore you will be part of the management team of the CRO IT & Cyber function and you are expected to help develop this function as a whole to the next level. This is an expert lead role which requires a mixed skillset of team management, expert leadership and good stakeholder management and communication skills. As such this role is a great opportunity to further develop your personal leadership.

Are you our new leader on outsourcing and third party risk management ? Do you recognize yourself in this profile and are you up for this challenge ? If so, please apply.

You are a seasoned and experienced non‑financial risk manager, with focus on and experience in third party risk, IT risk and cyber security risk. You are an effective communicator. You are able to maintain 2nd line of defence independence while balancing this with clear and open cooperation with relevant first line colleagues. You bring clarity and decisiveness to the table, and inspire trust and confidence in key stakeholders as well as into your team. You are also able to switch between operational, tactical and strategic work and dialogue. Furthermore you have:

In depth knowledge of relevant:

• Laws and regulations, e.g. DORA, GDPR, NIS2.
• Supervisory directives, e.g. (Cloud) outsourcing guidelines.
• International standards, e.g. COBIT, NIST CSF, FAIR model.

Senior‑level experience with IT and vendor risk assessments and control design:

• Proven experience in conducting vendor, IT and cyber security risk assessments.
• Ability to identify, quantify, and prioritize risks at the enterprise level, including supply chain/third‑party risks.
• Designing, implementing and validating controls.

You are groupwide responsible for all second line of defence activities within the ABN AMRO group related to outsourcing and third party risks. In that capacity you will work closely with relevant first line functions such as Procurement, Contract Management, Information Security and Business Continuity functions. Your responsibilities include:

• Develop and maintain a Third Party & Outsourcing Risk policy and risk management framework.
• Set risk appetite for this risk type.
• Define key controls and control testing strategies regarding third Party & outsourcing risk.
• Identify, analyze and ensure alignment with new and changing regulatory and business objectives in this space.
• Define comprehensive guidelines and procedures to support consistent risk management practices across the organisation.
• Conduct qualitative and quantitative risk analysis for third party & outsourcings risk.
• Identify key concerns and help develop key mitigation strategies for those key concerns.
• Report relevant risk and manage all relevant stakeholders.

Key results and desired outcomes:

• Delivery of a strong 2nd LoD Risk Framework in this space.
• Effective contribution to our future sourcing strategies and vendor management practices.
• Development of scenarios and playbooks for key risk events.
• Being a proactive and enabling partner for I&T, the Management Team I&T and the bank to mitigate or resolve identified risks that matter, and work together with the business on e.g. Appropriate risk responses.
• Contribute to CRO strategic pillars simplicity, risks that matter a.o. By ensuring development of scenarios and playbooks for key IT & Cyber Risk events.

Key relationships

• Reports to: Chief Risk Officer IT & Cyber (CRO IT & Cyber)
• Close cooperation with: head of Procurement, head of Vendor Security. MT members CRO IT & Cyber.
• Direct reports: 5 FTE

Behavioral cultural within Risk Management:

• Debate, debate, decide.
• Gain different perspectives on impact throughout the value chain. Then take the decision, accept the decision and respect single accountability & responsibility.
• Keep it simple. Start with the goal, set well‑defined requirements, proactively address dependencies, seek feasibility in plans and don’t overpromise. No abbreviations.
• Embrace Good. Don't go for perfect, do what’s right and compliant.
• From being nice to being kind. Ask and act on feedback, be open about the good, bad and ugly. Reflect, adapt and move forward.
• No excuses – stay the course, take the lead, own it. Act quickly, standardize progress updates to ensure timely support and elevate.

We look for four core qualities in our risk leadership:

Inspire & Enable

• You inspire and enable others around the WHY and WHAT of ABN AMRO purpose and strategy.
• You connect the dots and win the hearts and minds of your team.
• You know how to mobilize your team(s) to enable execution and get to the right results.

Balance Ambiguity

• You understand the context of ABN AMRO.
• You know how to deal with ambiguity by effectively setting priorities and balancing the short and the long term.
• You grow the business while being compliant and in control.

Challenge the Status Quo

• You encourage and empower your team to challenge the status quo and experiment.
• You are entrepreneurial while respecting the rules of the game.
• You learn from success and failure and I am transparent about it.

Mindful Leader

• You are mindful of who you are as a leader and how you show up for your team.
• You connect to the ABN AMRO purpose and values and act on it.

If you need more information or have any questions, please contact wico.van.spanje@nl.abnamro.com (HR). We look forward to meeting you!

At ABN AMRO, we believe in "Banking for better, for generations to come." Equal opportunities for everyone are a crucial foundation, as we strive for an inclusive culture where all employees feel seen, heard and valued. Our vision of "being a personal bank in the digital age" aligns perfectly with the demand for surprising insights and innovative solutions, born from a diverse interplay of cultures and experiences. We focus on customer experience, sustainability and building a future‑proof bank, conducting annual reviews to ensure equal pay for equal work. Join a bank that embraces ingenuity and ambition, and make an impact with us for a better future.

If you want to apply for the B‑Able or Reboot program, make sure to mention it both in the title and the content of your resume.