Job Description
General
Job Title: Senior Risk Manager – Third Party Risk
Division: General Management – Risk & Compliance
Reports To: Head of Operational Risk
Key Relationships
First line internal stakeholders include Procurement and Vendor Management, IT, Data, Underwriters and Claims Managers
This includes supporting first line stakeholders in the management of operational risk and key TPRM-related regulatory relationships across the group
Second and third line stakeholders include the Risk Management team (Insurance Risk and Enterprise Risk Management team members), Risk Management Senior Leadership Team, Chief Risk Officer and wider team members of second and third line functions (Compliance and Internal Audit)
Job Summary
The role supports the Head of Operational Risk in the oversight and management of operational risk matters across the group, with a particular focus on third party risk activities
It is also responsible for providing independent second-line oversight, challenge, and assurance over the organisation’s management of risks, including those arising from third parties, outsourced services, and strategic suppliers
The role has primary responsibility for the management of operational risks across a number of business areas, including Delegated Authority, Facilities Management and Talent Management
It also has a particular focus on the design, maintenance, and oversight of the group’s third party risk management framework, ensuring that third party risks are identified, assessed, monitored, and managed in line with the firm’s risk appetite, regulatory requirements, and operational resilience objectives
Key Responsibilities
Risk Management Framework
Provide independent oversight and effective challenge to first-line operational risk activities
Review, challenge and contribute to the Third Party Risk Management (TPRM) framework, policies and standards
Support the Head of Operational Risk in facilitating regular Risk & Control Self Assessments (RCSAs) with first line risk owners and stakeholders, ensuring the assessments are performed and documented accordingly
Oversee the management of delegated authority risk within Underwriting, Claims and Operations as part of the TPRM framework
Ensure consistent risk tiering and materiality assessments for all third parties
Review and challenge residual risk assessments, risk acceptances, and exceptions related to Operational Risk
Oversee integration of Third Party Risk into operational resilience, technology, cyber, and data frameworks
Support the implementation and maintenance of a robust control environment with clear ownership and accountability within the business, ensuring control documentation remains accurate and current
Develop and monitor key risk indicators (KRIs) and support risk appetite monitoring and management
Work collaboratively with 1st Line and Risk domain teams, supporting the embedding of the Operational Risk and TPRM framework into the organisation and across the 3 Lines of Defence model
Act as the appropriate liaison across the 3 Lines of Defence model, including 1st Line colleagues, Risk Owners, Compliance and Internal Audit functions, Operational Resilience, and risk domains including Information Security and Sustainability
Risk Oversight and Reporting
Provide review, credible challenge and 2nd Line insights over 1st Line decision-focused risk reporting, dashboards, and actively participate in any thematic deep dives, with particular focus on Third Party and broader risk areas
Provide independent risk opinions on emerging operational risk themes
Investigate and report operational risk incidents, ensuring lessons learned are captured and implemented
Support ORSA, scenario testing, and stress testing, in particular where Third Party dependencies are classed as material
Identify systemic risks and concentration vulnerabilities related to TPRM
Challenge the quality, completeness, and relevance of first-line reporting and MI, ensuring they support effective risk management and align with risk appetite
Regulatory and Governance Responsibilities
Support compliance with regulatory expectations relating to third party, outsourcing and broader operational risks
Act as a second-line point of contact for regulators and Internal Audit
Ensure clear governance, escalation, and documentation of third-party risk decisions
Promote clear ownership and accountability across the first line
Promote a culture of good conduct within the Operational Risk team by demonstrating and communicating the expected levels of behaviour and integrity
FCA conduct rules – individual conduct rules: You must act with integrity; You must act with due care, skill and diligence; You must be open and cooperative with the FCA, PRA and other regulators; You must pay due regard to the interests of customers and treat them fairly; and You must observe proper standards of market conduct
General
It is important that within all your interactions both internally and externally you adhere to Beazley’s core values - Being Bold, Striving for Better, and Doing the Right Thing - as they contribute to an internal environment of teamwork and promote a positive brand image and experience to our external customers.
We also expect Beazley employees to:
Comply with Beazley procedures, policies and regulations including the code of conduct
Undertake training on Beazley policies and procedures as delivered by your line manager, the People & Sustainability or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system
Display business ethics that uphold the interests of all our customers
Ensure all interactions with customers are focused on delivering a fair outcome, including having the right products for their needs
Comply with any specific responsibilities necessary for your role as outlined by your line manager, the People & Sustainability or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas
This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management
Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include membership of any Beazley committees or working groups
Personal Specification: Essential Criteria
Degree level educated or an equivalent combination of education, training and experience with third-party frameworks and industry standards; and/or relevant professional qualification (e.g., IRM International Certificate in Operational Risk, Practitioner Certificate in Information Management, etc.)
Proven third party risk expertise, preferably with knowledge of relevant standards such as ISO 27001, ISO 22301, NIST, and COBIT; A strong understanding of the Lloyd’s or wider company insurance market and frameworks is preferable; Knowledge and experience of risk management frameworks and tools
Knowledge, Experience and Skills
Demonstrate effective understanding of relevant TPRM regulations for a global organisation operating across the UK, EU, US and Asia
Understanding of the commercial drivers and dynamics affecting risk decisions in the insurance sector, as well as operational and risk processes found within an international insurance group
Ability to build strong partnering relationships with a wide range of stakeholders, in particular the 1st Line TPRM team
Ability to interact professionally and with credibility and manage expectations of management and key stakeholders
Ability to manage time, meet deadlines and prioritise
Able to communicate effectively with others
Ability to build and track remediation plans where deficiencies are identified
Proficiency in Microsoft 365 apps
Experience of working in a global and fast paced business environment is essential
Experience of Committee and Board reporting
Aptitude and Disposition
Application of risk-based judgement
Influencing and trusted advisor
Flexible
Energetic, enthusiastic and positive
Team player
Self-motivated with the ability to work autonomously
Proactive
Strong prioritisation skills; ability to meet deadlines and manage stakeholders’ expectations
Highest degree of integrity / discretion
Strong written and verbal communication skills
Analytical
Attention to detail, with ability to see bigger picture
Ability to challenge, negotiate with, influence and persuade both internal and external parties
