Supplier Risk and Compliance Specialist

Hello… an exciting new opportunity has just become available in our Group Services, in the Non Claims Procurement area. We are looking to recruit a Supplier Risk and Compliance Specialist,

Job Purpose

The Group Procurement Third Party Risk & Compliance Specialist will be responsible for managing third-party risks and ensuring regulatory compliance. This role involves supporting supply chain strategies through collaborative team efforts. The primary objective is to achieve the Group Procurement Supplier Risk Management strategy by implementing Third-Party Risk Management measures that are proportionate to supplier capabilities and associated risks.

Key Responsibilities

• Ensuring that the Group Risk Management framework, policies, and strategy is understood and implemented within Group Procurement.
• Ensuring risk identification, control and reporting processes are aligned with the Group Risk Management methodology and requirements.
• Develop and utilise a sound understanding of business processes, risks and controls including relevant regulatory and contractual requirements.
• Ensure continuous improvement of supplier risk assessment methodologies and tools.
• Facilitating and conducting Integrated Control Self Assessments (ICSAs) / Risk and Control Self-Assessments (RCSA) for Group Procurement.
• Analysing trends and performing root cause analyses on identified risk events to recommend improvements to prevent these risk events from re-occurring in future.
• Create Third Party Key Risk Indicators through consultation with Group Procurement Management. The focus should be on creating leading third-party key risk indicators to enable more initiative-taking third-party risk management.
• Measure and report on third party key risk indicators as per the frequency agreed with Group Procurement Management.
• Monitor the implementation of action plans mitigating processes and risks identified from the risk management activities. The action plans could arise from one or more of the following activities:
• Integrated Control Self Assessments (ICSAs)/Risk and Control Assessments (RCSAs); or
• Third Party Key Risk Indicators; or
• Risk Events/Operational Losses; or
• Group Procurement Strategic Risk Tracking.
  

As part of these activities, provide recommendations on supplier onboarding, contract renewals, and termination based on risk evaluations.

• Tracking and monitoring on the closure of assurance findings (Group Compliance, Group Risk management, Group Internal Audit and External Audit).

• Perform various monitoring checks which have been agreed with Group Procurement Management. This may include:
• Conduct oversight monitoring on suppliers as per the Group Procurement Line 1 monitoring plan in line with the contractual monitoring requirements.
• Conducting risk assessments and due diligence for new and existing suppliers.
• Perform supplier analysis and remediation to ensure compliance and mitigate risks.
• Manage third-party risk management (TPRM) programs to oversee supplier performance.
• Monitor supplier compliance with regulatory requirements, industry standards, and internal policies.
• Conduct Group Procurement process adherence audits testing to the required standard and/or policies.

• Stakeholder Management
• Creating the culture of risk awareness to enable alignment between Procurement Risk and Compliance objectives and business objectives.
• Collaborate with internal stakeholders to evaluate and enhance supplier performance and compliance.
• Support procurement teams in developing sourcing strategies that mitigate supplier-related risks which could impact on supply chain risk. Examples include financial stability, ethical sourcing, environmental impact, data security, and geopolitical factors.
• Implement and promote sustainable and ethical procurement strategies across the organization.
• Build mutually beneficial relationships with stakeholders.
• Manage all client interactions for allocated areas of scope.

Administration and Reporting

• Maintain and manage supplier risk databases and documentation.
• Adhoc reporting based on the specific needs of Group Procurement Management.
• Ensuring that Group Procurements’ Risk Profiles are up-to-date and relevant.
• Stay updated on global and regional regulatory changes affecting supplier compliance and procurement.