Analyst - Third Party Technical Assurance

European Depositary Bank S.A. • Pune, IN

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers. Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.

Your career with us should reflect your energy and passion. That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience. Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities. For our business, for clients, and for you

Job Description: IT & Cyber Technical Risk Assurance Manager (Third Party / Supplier)

Role Overview: Lead third-party/supplier technical risk assurance for banking/finance/hedge fund businesses, ensuring risk exposure from outsourced services, cloud providers, fintech partners, and critical ICT vendors is identified, assessed, controlled, and monitored in line with Cyber Strategy and Group CISO directives. Design and operate a risk-based Third-Party Assurance (TPA) programme covering due diligence, onboarding, contractual security clauses, continuous monitoring, issue remediation, and offboarding/exit strategies. Provide decision-ready inputs to the Technology Risk Forum (TRF) and manage regional expertise/stakeholder communication.

Key Responsibilities:

  • Third-Party Risk Framework & Governance: Establish policy, standards, and procedures for third-party technical risk; define tiers, inherent risk profiling, and control requirements based on service criticality and data sensitivity.
  • Due Diligence & Onboarding: Perform technical/security due diligence (architecture, controls, certifications, testing); verify compliance to ISO/IEC 27001:2022, NIST CSF 2.0 outcomes, GDPR, DORA (EU) contractual obligations, EU AI Act responsibilities, PCI DSS for payment services, and COBIT-aligned governance.
  • Contractual & SLA Controls: Embed DORA ICT contractual clauses (where applicable), breach notification, resilience testing/TLPT, data location, logging/monitoring, vulnerability/patch SLAs, incident reporting timelines, and audit rights.
  • Continuous Monitoring & Assurance: Operate ongoing assurance (attestations, evidence reviews, targeted testing, control sampling); monitor cyber events, SLA breaches, and material changes; trigger escalation and remediation.
  • Third-Party Resilience & Exit: Validate DR/BC/exit strategies; test data return/destruction; assess concentration risk; coordinate with procurement/legal for remediation and termination when required.
  • Technology Risk Forum Inputs: Present supplier risk posture, top thematic third-party risks, remediation progress, and decisions required (e.g., onboarding approvals, remediation funding, exception handling).
  • Stakeholder Engagement: Partner with business owners, procurement, legal, privacy, security engineering, SOC, IT Ops, and regulators/auditors to ensure clear accountability and timely closure of actions.
  • Regional Enablement: harmonise assurance methods and reporting across countries; ensure cultural/regulatory nuances are addressed.
  • Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
  • Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

Candidate Profile:

  • 10–15+ years in third-party technical risk assurance/TPRM within financial services, including critical ICT providers and cloud services.
  • Hands-on experience embedding DORA contractual clauses, GDPR DPAs, ISO/IEC 27001:2022, NIST CSF 2.0 outcomes, EU AI Act responsibilities, PCI DSS, COBIT governance, and ISO 31000 risk treatment.
  • Exceptional communication, presentation, articulation, and stakeholder influence skills; effective at supplier engagement and executive reporting.

Success Indicators

  • Third-party onboarding with complete due diligence and compliant contracts; clear risk decisions documented.
  • Reduction in vendor-origin incidents and SLA breaches; timely breach notifications and effective remediation.
  • Audit/regulator confidence in supplier controls; strong evidence quality and continuous monitoring performance.
  • Clear TRF narratives enabling funding/prioritization and strategic decisions on vendors.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

About Apex Group

We are dedicated to driving positive change in financial services while fuelling the growth and ambitions of asset managers, allocators, financial institutions, and family offices. Established in Bermuda in 2003, the Group has continually disrupted the asset serving industry through our investment in innovation and talent. Today, we set the pace in asset servicing and stand out for our unique single-source solution and unified cross asset-class platform which supports the entire value chain, harnesses leading innovative technology, and benefits from cross-jurisdictional expertise delivered by a long-standing management team and over 13,000 highly integrated professionals.

We’re a people-powered business, and our people are full of ambition. Together, we’re inspired to lead the new era of data and tech enabled service. Bringing new products and services to market. Sharpening our client focus. Disrupting the market to exceed expectations. Innovating across a range of specialisms. With our focus on making a difference to our people, our planet and our society, you’ll experience more here than you would at most other companies. Prepare to accelerate.

We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

Positive change starts with you. We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

The journey is yours to own. When you stretch yourself, you grow. We want you to explore ways of working that will see you thrive as part of something bigger. We’ll help you with a solid structure, challenging projects, vibrant networks, supportive colleagues and approachable leaders. All the things you need to own your unique journey.

Find out more about us

AdvertisementLearn new skills on Coursera

Similar Jobs

Closer to LocationSkill Match
Loading Recommendations