Vendor Risk Manager

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.

We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Avaloq has created a centralized Global Vendor Risk Management (VRM) unit in order to identify, evaluate, manage and mitigate risks associated with our third parties across various risk areas.

The Vendor Risk Manager will work closely with other members of the VRM team to organize and execute the vendor  risk assessment process.  In addition to working with established processes, a key outcome for this position will be to gain a broad understanding of Avaloq’s supplier base, with a view to developing into the position into that of a professional risk analyst capable of conducting supplier risk reviews independently and efficiently.

In general, he/she is responsible for the collection, analysis and reporting operational data and risk metrics in support of the VRM unit and its business unit partners. This professional will gather sufficient strategic, technical and operational information from internal business units and external third party to ultimately understand and communicate the current risks, business challenges and issues. In addition, this professional will gather due diligence on selected vendors and prepare reports on Third Party activities to all participants.

The Vendor Risk Manager will be also in charge of contributing to the maintenance and continuous improvement of the global VRM framework.

Your mission

• Organize the execution of yearly and on demand Vendor Risk Assessment activities.
• Plan, organize and follow up of the annual execution.
• Create the report for management and relevant committees as a result of VRA campaigns.
• Monitor to significant events and risks related to third parties
• Perform risk-based due diligence on Avaloq’s third parties to address potential vulnerabilities across various risk areas: Cyber Security, Data Privacy, Financial Health, Business Continuity, Disaster Recovery, Operational Risk, Reputational Risk, among others. Moreover, on-site visits or telephone interviews can be performed on key vendors.
• Work with stakeholders in the various Business risk areas to complete assessments and execute remediation plans where applicable. Establishing relationships with vendors to implement good collaboration.
• Collect, develop and analyze Key Performance Indicators (KPIs), and Key Risk Indicators (KRIs).
• Collect data and provide quantitative analysis of current state, new objectives, supporting metrics and measures, and contribute to proposed solutions.
• Maintain and expand Third Party Risk Management framework.
• Improve reporting on TPM risk events
• Collaborate internally with various stakeholders (Partner management, Procurement, Risk, Data Privacy, Security, Business Continuity

• University Degree in Economics, Engineering, Information Technology or equivalent subjects
• 5+ years of work experience in Risk Management, Information Security Risk, Operational Risk or Procurement area in a bank, financial institution, or consulting company
• 1–3+ years in team leadership or mentoring
• Strong knowledge of TPRM practices across the vendor lifecycle (due diligence, contracts, monitoring, issues, offboarding).
• Familiarity with common control frameworks and regulations (e.g., ISO 27001/2, SOC 2, NIST, GDPR/DPAs, business continuity, financial viability).
• Experience collaborating with Legal, Security, Procurement, and business stakeholders; able to translate risk into business terms.
• Strong problem solving, organizational and time management skills. IT and MS Office suite skills are strongly recommended
• Ability to influence others through strong written and verbal communication, maintaining cooperative relationships at all levels of the organization, despite differing perspectives

You will get extra points for the following

• Risk Management/Information Security certifications
• Experience with TPRM or GRC platforms (e.g., OneTrust, Archer, ProcessUnity, Coupa Risk Aware, ServiceNow VRM, Vanta)
• Sector‑specific compliance knowledge (e.g., DORA for financial services in the EU, EBA guidelines, GDPR)
• Exposure to fourth‑party/chain risk, concentration risk, and resilience testing
• Knowledge in Power BI
• PMP certification