Vendor Manager
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Tabby is hiring a Vendor Risk Manager to own the third-party risk program end-to-end, from due diligence to offboarding. Requires 3-4 years in third-party risk management, knowledge of NIST CSF, ISO 27001, SOC 2, and strong negotiation skills.
Key Skills for This Role
Responsibilities
- Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping
- Issue a clear risk rating for every prospective vendor with conditions attached
- Sit inside the contracting process with Legal and Procurement to secure audit rights, breach notification windows, data localization commitments, exit assistance clauses, and SLAs
- Own vendor risk assessments across the active third party portfolio, prioritizing critical and high risk vendors for annual deep dive reviews
- Build and run tiered monitoring cadences — quarterly for critical vendors, annual for the rest
- Maintain the concentration risk and critical vendor register
- Work with Product before new vendor integrations go live
- Prepare vendor risk reporting for the Risk Committee and Board
- Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity
Requirements
- 3–4 years in third party risk management, vendor risk, or operational risk at a payments company, lender, bank, or fintech
- Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or CAIQ
- Familiarity with regulatory landscape: consumer credit rules, data privacy obligations (GDPR/CCPA), PCI DSS, outsourcing/operational resilience expectations
- Comfort negotiating directly with vendors
- Ability to translate risk findings for non risk stakeholders
- Strong analytical skills
- Excellent communication and interpersonal skills
- Full professional proficiency in English required; Arabic is a plus
Full Job Posting
Description
- BNPL businesses run on a chain of vendors: KYC providers, bureau data, processors, collections agencies.
- As Vendor Risk Manager, you will own our third party risk program end to end, from first due diligence to offboarding.
- You will be the person who can tell leadership which vendors carry the most risk and why.
Key Responsibilities
- Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
- Issue a clear risk rating for every prospective vendor, with conditions attached.
- Sit inside the contracting process with Legal and Procurement to secure audit rights, breach notification windows, data localization commitments, exit assistance clauses, and SLAs.
- Own vendor risk assessments across our active third party portfolio, prioritizing critical and high risk vendors for annual deep dive reviews.
- Build and run tiered monitoring cadences — quarterly for critical vendors, annual for the rest.
- Maintain the concentration risk and critical vendor register.
- Work with Product before new vendor integrations go live.
- Prepare vendor risk reporting for the Risk Committee and Board.
- Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity.
Skills, Knowledge & Expertise
- 3–4 years in third party risk management, vendor risk, or operational risk, ideally at a payments company, lender, bank, or fintech.
- Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or CAIQ.
- Familiarity with regulatory landscape: consumer credit rules, data privacy obligations (GDPR/CCPA), PCI DSS, outsourcing/operational resilience expectations.
- Comfort negotiating directly with vendors.
- Ability to translate risk findings for non risk stakeholders.
- Strong analytical skills.
- Excellent communication and interpersonal skills.
- Full professional proficiency in English required; Arabic is a plus.
Nice to have
- Direct BNPL or consumer credit experience.
- Hands on experience with a GRC platform such as OneTrust, ProcessUnity, or Archer.
- CTPRP, CRISC, CISA, or CISM certification.
About Tabby
- Tabby creates financial freedom in the way people shop, earn and save.
- Over 32,000 global brands and small businesses use Tabby.
- Tabby has generated over $7 billion in transaction volume and has the highest rated app in the GCC region.
- Tabby launched in 2020 and has raised +$1 billion in equity and debt funding.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Tabby
Intern QA Engineer
Riyadh, KSA
Tabby is looking for an Intern QA Engineer to join their team in Riyadh. This is an engineering role with real responsibility, focusing on product quality across multiple systems. Interns will work on production tasks, i
Intern QA Engineer
الرياض, KSA
Tabby is seeking an Intern QA Engineer to join their engineering team in Riyadh. This is a paid internship with real responsibility, focusing on product quality across multiple systems. Candidates should have programming
Intern Backend (Go) Engineer
الرياض, KSA
Tabby offers a paid backend engineering internship for strong early-career engineers. Interns work on production code in Go, developing and maintaining backend services, APIs, and data storage for high-load financial sys
Finance Manager (Financial Control)
Riyadh, KSA
Tabby is looking for a Finance Manager to support finance operations for its Saudi Arabia entity, ensuring accurate financial reporting, regulatory compliance, and strong financial governance. The role oversees statutory
DevOps Intern
الرياض, KSA
Tabby offers a paid DevOps internship for strong early-career engineers in Riyadh. Interns work on production cloud infrastructure, Kubernetes, CI/CD, and observability with real responsibility and a path to a junior rol
DBA Intern
الرياض, KSA
Tabby offers a paid DBA internship for strong early-career engineers to work on production database systems including PostgreSQL. Interns will investigate slow queries, review schema changes, maintain backups, and suppor
Finance Manager (Financial Control)
الرياض, KSA
Tabby is looking for a Finance Manager to support finance operations for its Saudi Arabia entity, ensuring accurate financial reporting, regulatory compliance, and strong financial governance. The role requires 5-7 years
Senior Tax Associate
Riyadh, KSA
Tabby is seeking a Senior Tax Associate to manage tax compliance, audits, and transfer pricing across KSA and the GCC region. The role requires 2-3 years of tax experience, strong knowledge of Saudi tax regulations, and
Intern QA Engineer
Riyadh, KSA
Intern QA Engineer
الرياض, KSA
Intern Backend (Go) Engineer
الرياض, KSA
Finance Manager (Financial Control)
Riyadh, KSA
DevOps Intern
الرياض, KSA
DBA Intern
الرياض, KSA
Finance Manager (Financial Control)
الرياض, KSA
Senior Tax Associate
Riyadh, KSA
