Senior Manager Vendor & Outsourcing Steering

• 1st Line of Defense Ownership: Act as the primary risk owner for assigned third-party vendor relationships, identifying, assessing, and mitigating vendor-related risks in alignment with the bank’s enterprise risk management framework.
• DORA & Regulatory Compliance: Ensure all ICT third-party relationships comply with DORA requirements. Maintain the bank's Information Register for all ICT third-party arrangements and ensure appropriate contractual provisions are implemented and monitored.
• Outsourcing Lifecycle Management: Oversee the entire vendor lifecycle (initiation, due diligence, onboarding, continuous monitoring, and exit strategies) for critical and important outsourcing functions according to applicable guidelines.
• Performance & SLA Management: Establish, negotiate, and monitor strict Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). Conduct regular business reviews with key vendors to drive performance and resolve operational issues.
• Contract Negotiation: Partner with Legal and Procurement teams to negotiate vendor contracts, ensuring all regulatory clauses (e.g., audit rights, sub-outsourcing restrictions, data protection, and exit plans) are robustly integrated.
• Risk Mitigation & Incident Response: Collaborate closely with the 2nd Line of Defense (Risk, Compliance, InfoSec) to remediate audit findings. Ensure vendors have tested and proven Business Continuity and Disaster Recovery plans in place.
• Stakeholder Management: Act as the central point of contact between internal business owners, external vendors, and 2nd/3rd line control functions. Advise senior management on vendor risk exposure and strategic sourcing decisions.

Depending on your level of experience, your responsibilities and scope of role will range. We don’t care much about fancy titles, but rather about real personal and professional development, as laid out in our learning framework. Let’s figure together out how you can contribute to our team.

• Master’s or Bachelor’s degree in Business Administration, Information Technology, Finance, Law, or a related discipline.
• 7–10 years of experience in Vendor Management, Third-Party Risk Management (TPRM), Procurement, or IT Service Management within the financial services/banking sector.
• Proven track record working directly within a 1st Line of Defense function, taking ownership of operational processes and the associated risks.
• Deep, practical understanding of European and German banking regulations regarding outsourcing and IT security. Specifically: DORA, EBA Guidelines on Outsourcing, MaRisk (particularly AT 9)
• Extensive experience in negotiating complex IT and business process outsourcing (BPO) contracts, including cloud service agreements (SaaS, PaaS, IaaS).
• Demonstrated ability to lead cross-functional initiatives, influence stakeholders without direct authority, and drive a culture of risk awareness.
• Business fluency in German and English (both written and spoken) is mandatory for interacting with local regulators (BaFin) and global vendors.
• Industry-recognized certifications in risk management, audit, or service management are highly desirable (e.g., CISM, CISA, CRISC, ITIL, or specialized TPRM certifications) are a strong plus
• Strong ability to analyze complex vendor risk assessments, SOC reports, and financial health metrics.
• Pragmatic and proactive approach to resolving vendor-related operational incidents and supply chain disruptions.