Vendor Risk Officer Porto

Overview

Natixis in Portugal is part of the Global Financial Services division, supporting the Corporate & Investment Banking and Asset & Wealth Management lines. The Porto Centre of Expertise has more than 2, 400 employees from over 30 nationalities, organized in Information Technology, Banking Support Activities and Compliance. The CIO Office is a transversal IT department that promotes a consolidated view of IT, harmonizes practices, and supports management control and communication across business units.

Responsibilities

• Vendor Risk Officer: drive the organization’s vendor risk management initiatives and provide effective oversight of supplier relationships to mitigate risks.
• Supplier Risk Management: oversee the global supplier risk framework, ensure compliance with policies and regulations, and proactively identify and manage vendor risks.
• Committee Engagement: facilitate the Natixis Vendor Risk Management (VRM) Committee and collaborate with local procurement teams to promote best practices.
• Contractual Support: assist in contractualization to ensure vendor agreements include risk mitigation measures and policy compliance.
• Vendor Risk Monitoring: continuously monitor and evaluate vendor risks, ensuring timely identification, reporting and management of issues.
• Incident Follow-Up: track vendor incidents and ensure corrective actions are documented and implemented.
• LOD1 Controls Management: manage Line of Defense 1 controls, coordinate definition of LOD1. 2 controls, and write related policies and procedures.
• Risk Assessment Execution: execute LOD1. 2 controls on risk assessments with quality and periodic updates from BPCE Achats & Services SSC or local international platforms.
• Regulatory Compliance: handle regulatory notifications (including ECB) and ensure compliance with DORA and EBA requirements, maintaining accuracy in relevant registers.
• Data Quality Assurance: contribute to the Grasp tool migration project, ensuring data integrity in the target repository with IT and Natixis stakeholders.
• Activity Reporting: follow up on risk assessments coordinated by the SSC and provide reporting updates to stakeholders.
• Project Participation: engage in VRM-related projects and initiatives to support the function’s success.
• Communication and Collaboration: interact with procurement, compliance and legal teams; strong attention to detail and understanding of vendor risk management principles.
• Language and Stakeholder Interaction: role involves contact with headquarters in France; proficiency in French is a plus.

Qualifications

• Degree in a relevant area; 2+ years’ experience in customer support, management control, and/or project management.
• English minimum B2 level and French minimum B2 level (mandatory).
• 1+ year Purchase to Pay knowledge; 1+ year Suppliers / KYS knowledge; 1+ year Contract management; 1+ year Risk analysis.
• Knowledge of Priscop; Grasp; Ivalua. Harmoni is a plus.
• English CVs only, per policy.

Additional Information

Natixis in Portugal is committed to dignity, respect and inclusion. A Blind CV Screening process is used to reduce hiring bias; apply with a blind CV (no picture, name, gender, age, nationality, ethnicity or address). The content below reflects the original job description language and intent without introducing external facts.

We are an equal opportunity employer and value diversity in our workforce. This description maintains the role’s core responsibilities and requirements, as presented by the original job description.