Description
We are the creators of a new fintech era!
Our mission is to revolutionize the world by making blockchain technology accessible to everyone in everyday life. WhiteBIT is a global team of more than 1,500 professionals united by a shared vision of shaping the future.
We are building our own blockchain ecosystem to ensure maximum transparency and security for over 8 million users worldwide. Our cutting-edge solutions, rapid adaptation to market challenges, and technological excellence set us apart from traditional companies.
Our official partners include Juventus, FC Barcelona, Lifecell, FACEIT, and VISA.
Join us as a Third-Party Risk Manager / BCM / Legal DORA.
- Degree in Information Security, Risk Management, IT, or a related field.
- 2-5+ years of experience in: Third-party risk management; ICT risk / operational risk / IT audit; BCM.
- Experience in regulated environments (financial services, fintech, crypto preferred).
Technical Knowledge
Understanding of:
- Outsourcing and third-party risk frameworks.
- ICT and cybersecurity risk domains.
- Control frameworks.
Familiarity with:
- Cloud environments and third-party service models.
- Security assessment techniques and control validation concepts.
Key Skills & Competencies
- Strong risk assessment and analytical capabilities.
- Ability to independently challenge and escalate.
- Structured, evidence-based decision making.
- Clear communication with both technical and non-technical stakeholders.
- High level of integrity and independence.
1. End-to-End Third-Party Risk Oversight
Oversee third-party risk management across the full lifecycle.
- Pre-engagement risk assessment.
- Onboarding due diligence.
- Ongoing monitoring.
- Exit and termination risk evaluation.
- Ensure risks related to outsourcing and ICT services are identified, assessed, and managed continuously.
2. Risk Assessment & Due Diligence
Define and perform risk assessments covering:
- ICT and cybersecurity risk.
- Operational resilience risk.
- Data protection and confidentiality risk.
- Concentration and systemic risk.
- Review and challenge due diligence performed during onboarding.
- Ensure third parties are classified based on criticality (e.g., Critical or Important Functions - CIFs).
3. Continuous Risk Monitoring
Establish and maintain ongoing monitoring mechanisms for third-party risk, including:
- Security posture (e.g., vulnerabilities, certifications, audit reports).
- Service resilience and availability risks.
- Incident trends and control effectiveness indicators.
- Define and monitor Key Risk Indicators (KRIs) and thresholds.
- Identify emerging risks and ensure timely escalation.
4. ICT & Security Risk Oversight
Assess adequacy of third-party security controls, including:
- Access management.
- Data protection and encryption.
- Logging, monitoring, and incident response capabilities.
- Review security attestations (e.g., ISO 27001, SOC reports).
- Coordinate deep-dive reviews for critical providers.
5. Independent Challenge (Second Line of Defence, SLOD)
Provide independent challenge to:
- Vendor selection decisions (from a risk perspective).
- Control design and mitigation measures.
- Risk acceptance and residual risk decisions.
- Escalate insufficient controls, excessive risk exposure, or non-compliance.
6. Risk Framework & Methodology
Develop and maintain the Third-Party Risk Management (TPRM) framework, including:
- Risk assessment methodologies.
- Scoring models and classification criteria.
- Monitoring standards and review cycles.
- Ensure consistency and traceability across risks, controls, providers, and evidence.
7. Issue & Remediation Oversight
Track identified third-party risk issues and control gaps.
- Challenge remediation plans for adequacy and timelines.
- Validate closure of findings and effectiveness of remediation.
8. Regulatory Compliance & Alignment
Ensure alignment with:
- Digital Operational Resilience Act (DORA) - ICT third-party risk requirements.
- Commission Delegated Regulations (EU) 2024/1773 and 2024/1774 (DORA regulatory technical standards).
- Markets in Crypto-Assets Regulation (MiCAR) - operational resilience and safeguarding.
- Interpret regulatory requirements and translate them into risk controls and monitoring practices.
9. Reporting & Governance
Produce regular reporting on:
- Third-party risk exposure.
- KRI breaches and trends.
- Critical provider risk profiles.
- Open issues and remediation status.
- Report to Risk Committees and senior management.
- Support CRO in providing risk transparency.
Immerse yourself in Crypto:
— Master cutting-edge technologies and become an expert in the most innovative industry.
Work with the Fintech of the Future:
— Develop your skills in digital finance and shape the global market.
Take Your Professionalism to the Next Level:
— Gain unique experience and be part of global transformations.
Drive Innovations:
— Influence the industry and contribute to groundbreaking solutions.
Join a Strong Team:
— Collaborate with top experts worldwide and grow alongside the best.
Work-Life Balance & Well-being:
— Modern equipment.
— Comfortable working conditions and an inspiring environment to help you thrive.
— 25 business days of paid leave.
— Additional days off for national holidays.
For this position, a minimum monthly salary in accordance with the Collective Agreement for Employees in Information and Consulting is foreseen. Pay above this minimum, in line with market standards and depending on your qualifications and professional experience, is intended.