Third-Party Assurance Manager

Fund services | Corporate | Capital markets | Private client | Regulatory & Compliance 

We help clients succeed by unlocking new value through expertise, trust and scale. We deliver solutions that solve complex challenges faced by asset managers, financial institutions, corporates, high net-worth individuals and family offices. 

With a curious mindset, we ask the right questions to get to the right solution, faster. We collaborate to win together, sharing successes and shaping the future of our global business. Our culture of support and recognition provides the tools and opportunities for you to grow, while unlocking the most value for our clients and making your mark with Ocorian. 

Expertise: We deliver specialist, tech-enabled solutions for our clients grounded on deep industry expertise. 

Trust: We’re a trusted partner to over 8,000 clients globally. We are proud to have long-lasting partnerships with our clients. 

Scale: With more than 1,500 colleagues, we operate across 20+ countries, our scale enables us to support our clients globally and locally, providing a seamless client experience across borders and service lines. 

Purpose of the job

We are seeking an experienced Third-Party Assurance Manager to lead our client assurance and vendor due diligence programme across the full end-to-end supply chain lifecycle. This role sits at the intersection of risk management, compliance, security, procurement, and customer trust, ensuring that third-party risks are effectively identified, assessed, and managed—while enabling the business to scale confidently. 

The successful candidate will also be responsible for the oversight and strategic ownership of the Trust Center and Vendor Portal, ensuring transparent, accurate, and timely assurance information for both clients and internal stakeholders. In addition, this role will have responsibility for the AI Management System and ensuring organisational readiness for ISO 42001, supporting compliance and best practice in artificial intelligence governance.

Main Responsibilties

Client Assurance 

• Act as the primary point of contact for client assurance requests, including security, privacy, compliance, and supply-chain risk inquiries.  

• Coordinate and manage responses to customer due diligence questionnaires, audits, and assurance reviews (e.g., SOC, ISO, regulatory requests). 

• Partner with Security, Data Privacy, Legal, and Engineering teams to deliver clear, consistent, and high-quality assurance responses. 

• Drive continuous improvement in client assurance processes to reduce friction and response time. 

Vendor Due Diligence and Supply Chain Lifecycle  

• Own and manage the end-to-end third-party risk lifecycle, including onboarding, risk assessment, contracting, ongoing monitoring, and offboarding. 

• Design and execute vendor due diligence reviews across security, privacy, operational resilience, and regulatory risk domains. 

• Collaborate with Legal, Data Privacy, Security, and Business stakeholders to ensure risk-appropriate controls and remediation plans are in place. 

• Maintain risk tiering, review cadences, and escalation paths aligned to business and regulatory requirements. 

• Oversee procurement processes and licensing management to ensure all third-party solutions are sourced in compliance with company policy and regulatory standards. Work collaboratively with Technology, Legal and Finance to maintain accurate software inventories, manage renewals, and optimise cost-effectiveness while mitigating contractual and compliance risks. 

Governance, Risk & Oversight 

• Develop and maintain third-party assurance frameworks, policies, and procedures. 

• Track and report on third-party risk metrics, trends, and remediation status to senior stakeholders. 

• Support internal and external audits related to third-party risk and supply chain assurance. 

• Stay current on evolving regulatory expectations and industry best practices related to third-party and supply chain risk. 

• Provide oversight of the AI Management System, ensuring robust governance, risk management, and compliance practices are in place throughout the third-party risk lifecycle. Coordinate ISO 42001 readiness activities, aligning internal controls and vendor due diligence processes to the requirements of the AI management standard.  

• Monitor evolving best practices and regulatory developments in AI governance, supporting continued compliance and operational excellence. 

Trust Center & Vender Portal Ownership  

• Lead and nurture teams, building a culture centred around user service, documentation, and proactive engagement. 

• Recruit, mentor, and develop talented employees, defining clear career paths and performance expectations focused on service excellence. 

• Encourage continuous improvement and innovation in support, training, and user communication. 

• Provide strategic oversight of the Trust Center, ensuring assurance materials are accurate, up to date, and aligned with company risk posture. 

• Own and continuously improve the Vendor Portal, enabling transparency and efficient information sharing with clients and partners. 

• Define content strategy, governance, and operating model for assurance artifacts published externally. 

• Partner with Product, Security, and Communications teams to enhance usability and trust signals. 

• 2+ years of experience in third-party risk management, assurance, compliance, security, or audit. 

• Strong understanding of vendor due diligence and supply chain risk management across the full lifecycle. 

• Hands-on experience managing client assurance requests and customer-facing risk discussions.  

• Familiarity with common assurance frameworks (e.g., SOC 2, ISO 27001, ISO42001, NIST, GDPR, vendor risk standards). 

• Proven ability to work cross-functionally and influence without authority. 

• Excellent written and verbal communication skills, particularly in explaining risk to non-technical audiences. 
   

Preferred  

• Experience owning or contributing to a Trust Center or external assurance portal. 

• Background in SaaS, technology, or regulated environments. 

• Experience implementing or optimizing third-party risk tools or workflows. 

• Certifications such as CISA, CRISC, CISSP, or equivalent (nice to have). 

All staff are expected to embody our core values that underpin everything that we do and that reflect the skills and behaviours we all need to be successful.  These are:

• We are CLIENT CENTRIC – Clients are at the centre of our world, and we’re committed to providing expertise and specialist solutions to meet their most complex challenges.
• We are AMBITIOUS – We aim high. We think and act globally, seizing every opportunity to delight our clients and support our colleagues - wherever in the world they may be.
• We are AGILE – We act on our initiative to get things done for our clients. Our independence gives us the flexibility and freedom to keep things simple, efficient and effective.
• We are COLLABORATIVE – With a curious mindset, we ask the right questions to get to the right solution, for our clients faster. We collaborate to win together and share our successes.
• We are ETHICAL – We behave with integrity at all times and assume positive intent, building trust through responsible actions and honest relationships.

Equal Opportunities for Everyone

Please let us know if there’s anything we can do to make the process easier for you. You can reach us at [email protected].

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.