Vice President, Third-Party Risk Management

Sumitomo Mitsui Banking Corporation

Office

Malaysia

Full Time

Headquartered in Tokyo, Sumitomo Mitsui Banking Corporation (SMBC) is a leading global financial institution and a core member of Sumitomo Mitsui Financial Group (SMBC Group). Built upon our rich Japanese heritage since 1876, we put our customers first and provide seamless access to, from and within the Asia Pacific region. SMBC is one of the largest Japanese banks by assets and maintains strong credit ratings across our global integrated network. We work closely as one SMBC Group to offer personal, corporate and investment banking services to meet the needs of our customers.

With sustainability embedded within our strategy and operations, we are committed to creating a society in which today’s generation can enjoy economic prosperity and well-being, and pass it on to future generations.

SUMITOMO MITSUI BANKING CORPORATION MALAYSIA BERHAD

Job Summary

Vice President, Operational Risk and Third-Party Risk Management.

The Vice President will lead and execute Operational Risk Management (ORM) activities and oversee the development, implementation and management of comprehensive third-party risk management and strategies across the organization, in alignment with SMBC Malaysia’s ORM and TPRM Framework and regulatory expectations. This role is critical in ensuring robust risk controls and timely reporting across the organization.

Key Responsibilities

  • Execute ORM and TPRM Processes: Implement operational risk management procedures using approved ORM tools, in accordance with SMBCMY’s ORM and TPRM Framework, internal guidelines, and Bank Negara Malaysia’s policies.
  • Control: Enhance the organization's resilience to disruption, sustaining critical operations and effectively managing operational and third-party risks.
  • Reporting: Prepare accurate and timely periodic and ad hoc reports for submission to BNM, Regional Office, Head Office, and internal stakeholders.
  1. Develop a comprehensive framework to effectively manage risks associated with third-party relationships and outsourcing arrangements.
  2. Serve as TPRM subject matter expert, keep abreast of emerging trends, regulatory developments and industrial benchmarks.
  3. Regularly assess risks associated with vendors to ensure compliance with both regulatory and internal standards.
  4. Drive continuous improvement initiatives by evaluating and enhancing data analytics capabilities to optimize the efficiency and effectiveness of TPRM and outsourcing processes.
  5. Be alert to incidents and trends which may constitute operational, Third-Party and Shariah Non-Compliance (SNC) risks and escalate the risks to Head, ORM or Co-CRO, where appropriate.
  6. Co-ordinate with business and functional lines in executing the ORM and TPRM processes, i.e. identify and assess operational, third-party and SNC risks, self-assessment of controls, reporting of loss incidents and Key Risk Indicators (KRI).
  7. Provide support to business and functional areas to ensure consistent identification and assessment of third-party risks in accordance with the established Framework and Procedures.
  8. Prepare timely and accurate periodical and ad hoc ORM reporting to BNM, respective risk committees, Regional and Head Office.
  9. Conduct training and awareness briefings to Heads of Departments and Operational Risk representatives on ORM and TPRM processes and tools.
  10. Promote and embed the culture of ORM and conduct risk awareness sessions for all business and functional lines in their capacities as process and risk owners.
  11. Ensure appropriate disclosure of confidential information to the relevant parties in accordance with regulatory requirements on managing such confidential information.
  12. In the absence of the Department Head, assume control and day-to-day functions of the department, as authorised by the Head of Department.

Job Requirements

Education & Qualifications

  1. Bachelor’s degree in Risk Management, Business Administration, Finance, Law, or a related discipline.
  2. Professional certifications such as CTPRP (Certified Third-Party Risk Professional), CRISC, CISA, or ISO 27001 Lead Auditor are highly preferred.
  3. Familiarity with Bank Negara Malaysia’s Outsourcing Policy Document, Operational Risk Guidelines, and PDPA 2010.

Experience

  1. Minimum 8–10 years of experience in Third-Party Risk Management, Outsourcing Governance, or Operational Risk within the financial services industry.
  2. Proven experience in:
     • Designing and implementing TPRM frameworks and governance models.
     • Conducting due diligence, risk assessments, and contractual reviews for vendors and service providers.
     • Managing outsourcing registers, risk treatment plans, and regulatory reporting.
     • Experience in regulatory engagement with BNM and internal audit functions.

Technical Skills

Strong knowledge of:

  1. Third-party lifecycle management: onboarding, monitoring, renewal, and exit.
  2. Risk scoring models, control testing, and incident escalation protocols.
  3. Cybersecurity and data protection controls in outsourced arrangements.
  4. Business continuity planning (BCP) and disaster recovery (DR) for third-party dependencies.
  5. Familiarity with tools such as GRC platforms, TPRM dashboards, and vendor management systems.

Leadership & Communication

  1. Ability to lead cross-functional teams and collaborate with Legal, Compliance, Procurement, and IT.
  2. Strong communication skills to prepare and present reports to BNM, Regional Office, Head Office, and internal committees.
  3. Capable of driving a risk-aware culture and promoting third-party governance best practices.

October 17, 2025
