Commercial Investment Bank Controls - Third Party Risk & Controls Insights Lead

Join a controls team where your judgment and communication skills directly influence how we adopt and manage third parties safely.

You'll work with partners across technology, procurement, legal, compliance, and operational risk to turn complex security and resilience findings into clear, business-ready decisions.

If you enjoy connecting technical detail to real-world outcomes-and constructively challenging when needed-this role gives you a wide platform for impact.

As a Third Party Risk & Controls Insights Lead in CIB Controls, you own the insights agenda across the third-party lifecycle-onboarding, change, ongoing monitoring, and exit-so leaders have consistent, defensible, decision-grade risk conclusions.

You synthesize and challenge third-party assessment outputs (with a focus on data, cybersecurity, and resilience), translate technical evidence into clear narratives and recommendations, and strengthen the quality and consistency of risk decision artifacts.

You'll partner closely with business control managers and cross-functional stakeholders to improve risk visibility, align control expectations, and support responsible vendor adoption.

Job Responsibilities


* Aggregate and analyze third-party risk signals to deliver actionable insights focused on data protection, cybersecurity, and resilience.


* Govern standards for third-party risk decision artifacts (e.g., risk statements, residual risk framing, materiality thresholds, issue taxonomy, and escalation expectations).


* Review and challenge onboarding, assessment, and monitoring outputs to ensure completeness, consistency, and defensibility of conclusions and remediation expectations.


* Perform thematic analysis across the third-party portfolio to identify emerging risks, root-cause patterns, and concentration hot spots, and escalate material themes through governance forums.


* Advise on business cases for new or expanded third-party engagements, including reuse opportunities, risk trade-offs, and control uplift levers (standardization and contractual terms).


* Evaluate cloud and SaaS architectures to identify material control gaps (e.g., IAM, encryption/key management, logging/monitoring, segmentation, data residency, dependency chains, concentration risk).


* Define and maintain an insights framework including taxonomy mapping, KRI/KPI definitions, thresholds, trends, and executive dashboards.


* Produce executive-ready governance materials summarizing themes, exceptions, systemic issues, decision requests, and residual risk positions for senior stakeholders.


* Partner across controls, technology, procurement, legal, compliance, operational risk, and business teams to maintain a single, consistent narrative on third-party risk posture and priorities.

Required Qualifications, Capabilities, and Skills


* Expertise in control management in financial services, focused on compliance and operational risk mitigation.


* Third-party risk expe...