Third Party Risk Manager

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

We have a unique opportunity for you to join the CTO Third Party Risk Management (TPRM) team. This role provides critical risk management support, subject matter expertise, and strategic direction for third-party risk-related activities in close cooperation with the CTO Third Party Risk Officer (TPRO).

As a TPRM, you will ensure timely execution of all risk management activities in alignment with internal policies, processes, and regulatory expectations across your assigned CTO service line. You will support the end-to-end implementation of the Technology Governance and Oversight strategy, ensuring a consistent, coordinated, and effective approach across all engagements within your remit.

You will act as a strategic enabler for Third Party Engagement Managers and Risk Owners, providing expert guidance throughout the third-party risk assessment lifecycle. This includes advising on mitigation strategies and ensuring full compliance with the bank’s internal governance frameworks.

What you’ll do

• Review and monitor third-party risk issues across all engagements from your assigned CTO service lines

• Support Third Party Engagement Managers, Case Managers, and Third-Parties during cyclical reviews (e.g., Risk Assessments, Third Party Cybersecurity Reviews, Business Continuity Reviews etc.), ensuring timely completion and remediation activities. Ensure the CTO TPRO is regularly informed of the business’s third-party risk exposure—including risk nature, severity, and control effectiveness—to support accurate reporting to GCIO Governance Forums.

• Maintain transparent and proactive communication with all key stakeholders—Third Party Engagement Managers, Risk Owners, and Accountable Executives—to ensure visibility and timely escalation of material or regulatory concerns.

• Interpret and respond to management information (MI) and analytical reports produced by global teams, liaising with a broad range of stakeholders including:

  • CTO Senior Management and Operational Risk leads for the assigned service line

  • Risk Domain Representatives and Risk Stewards

  • Cyber Security/BCIM teams

  • GTPM Hub

  • GCIO TPM 

  • Third-Parties

• Embed and enforce third-party risk management procedures, ensuring adherence to defined policies and governance standards across Risk Owners and Engagement Managers. Actively track and manage the use of tools and platforms for risk identification and mitigation.

What you need to have to succeed in this role

• Significant experience in management roles, ideally with strong exposure to Technology environments 

• Expertise in the Cybersecurity domain is a strong advantage

• Strong communication and presentation abilities, with excellent planning, organisational, influencing, and commercial acumen

• Proven ability to work effectively with senior leadership and cross-functional teams in a complex, matrixed environment

• Comfort operating in multicultural, geographically dispersed, and diverse environments

• Ability to manage resources efficiently to balance service delivery with cost effectiveness

• Strong relationship-building and risk management capabilities

• Proficiency with platforms such as Archer, ServiceNow, and custom-built tools used for vendor inventory management, risk assessments, and lifecycle governance