{bc}
indeed

Vendor Manager

Tabby
الرياض, KSA
Full Time
Senior
3 days ago
Third Party Risk ManagementNIST CSFISO 27001SOC 2Vendor Risk AssessmentContract Negotiation
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Third Party Risk ManagementNIST CSFISO 27001
Smart Apply

Full Job Posting

Description

  • BNPL businesses run on a chain of vendors: KYC providers, bureau data, processors, collections agencies.
  • As Vendor Risk Manager, you will own our third party risk program end to end, from first due diligence to offboarding.
  • You will be the person who can tell leadership which vendors carry the most risk and why.

Key Responsibilities

  • Run due diligence on new vendors before contracts are signed, including financial health checks, SOC 2 / ISO 27001 review, breach history, and subprocessor mapping.
  • Issue a clear risk rating for every prospective vendor, with conditions attached.
  • Sit inside the contracting process with Legal and Procurement to secure audit rights, breach notification windows, data localization commitments, exit assistance clauses, and SLAs.
  • Own vendor risk assessments across our active third party portfolio, prioritizing critical and high risk vendors for annual deep dive reviews.
  • Build and run tiered monitoring cadences — quarterly for critical vendors, annual for the rest.
  • Maintain the concentration risk and critical vendor register.
  • Work with Product before new vendor integrations go live.
  • Prepare vendor risk reporting for the Risk Committee and Board.
  • Manage the offboarding process for exited vendors, confirming data deletion, access revocation, and transition continuity.

Skills, Knowledge & Expertise

  • 3–4 years in third party risk management, vendor risk, or operational risk, ideally at a payments company, lender, bank, or fintech.
  • Working knowledge of NIST CSF, ISO 27001, SOC 2, and standardized assessment tools like SIG or CAIQ.
  • Familiarity with regulatory landscape: consumer credit rules, data privacy obligations (GDPR/CCPA), PCI DSS, outsourcing/operational resilience expectations.
  • Comfort negotiating directly with vendors.
  • Ability to translate risk findings for non risk stakeholders.
  • Strong analytical skills.
  • Excellent communication and interpersonal skills.
  • Full professional proficiency in English required; Arabic is a plus.

Nice to have

  • Direct BNPL or consumer credit experience.
  • Hands on experience with a GRC platform such as OneTrust, ProcessUnity, or Archer.
  • CTPRP, CRISC, CISA, or CISM certification.

About Tabby

  • Tabby creates financial freedom in the way people shop, earn and save.
  • Over 32,000 global brands and small businesses use Tabby.
  • Tabby has generated over $7 billion in transaction volume and has the highest rated app in the GCC region.
  • Tabby launched in 2020 and has raised +$1 billion in equity and debt funding.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Tabby