Third Party Risk Management & Governance Specialist

Location

Bristol, York or Norwich, 50% on site required

About the Role

The role sits within Group Procurement, reporting into the Group Procurement Director. The function owns the procurement and outsourcing business standard, which defines how Aviva manages third party risk across all markets. The team works closely with UK, Ireland and Canada markets to ensure compliance, strong controls and a fit for purpose governance framework. The scope includes setting standards, supporting markets with implementation, monitoring ongoing compliance and managing internal governance, including control testing and performance reporting.

Responsibilities

• Supporting the application and continuous improvement of the procurement and outsourcing standard.
• Working with markets on compliance and embedding of third party controls.
• Contributing to internal governance, MI and reporting.
• Supporting control testing cycles, follow-ups and remediation.
• Contributing to transformation activities such as TPM data reporting and supply classification redesign.
• Preparing for future TPRM tool implementation and associated readiness work.

Qualifications

The hiring manager is looking for a profile with:

Required Skills

• Strong third party risk management expertise within financial services.
• Solid understanding of the UK regulatory landscape, especially PRA SS2/21.
• Familiarity with international regulations is useful but not essential:
• DORA (EU digital operational resilience regulation)
• OSFI and B10 guidance for Canada
• Broad third party risk experience across multiple domains, not just cyber/security focused specialists.
• Practical experience with outsourcing governance, risk frameworks and supplier lifecycle management.
• Ability to work in a matrixed environment across multiple markets.
• Strong stakeholder engagement and clear communication skills.

Preferred Skills

Nature of Work: Day-to-day activity will be a mix of business-as-usual governance duties, regulatory alignment work, reporting, engagement with markets, and support for in-flight improvements to the third party risk and procurement control environment. The contractor must be able to manage their own workload, handle regulatory detail confidently and collaborate well across procurement, risk, and market teams.