Tech Third Party Ops Resilience Lead
Posted 3 days ago by Experis
£1,000 Per day
Inside
Onsite
Sheffield
Summary: The Technology Third Party Operational Resilience Lead is responsible for enhancing Third Party Operational Resilience and IT Service Management within the organization. This role involves overseeing the mapping of technology services, managing vulnerability assessments, and ensuring compliance with regulatory requirements. The successful candidate will engage with various stakeholders to improve resilience and support operational continuity planning. The position is based in Sheffield with a focus on on-site collaboration three days a week.
Key Responsibilities:
- Oversee mapping and lineage between Technology Third Parties and Technology Services, ensuring accurate identification and classification.
- Manage the Third Party Operational Resilience Vulnerability Assessment process and assessment output.
- Lead engagement with core stakeholder groups including Business Service Owners and IT Service Owners.
- Conduct Quality Assurance across processes to ensure accuracy and compliance.
- Consolidate information across Service Chains for effective decision making.
- Act as the key point of contact for Operational Resilience queries.
- Ensure compliance with regulatory and internal Operational Resilience requirements.
- Manage ad-hoc requests from Regulators and Second & Third Lines of Defence.
- Support continuous improvement initiatives for Important Technology Third Party services.
- Play a core role in operational resilience continuity planning and testing.
- Provide Subject Matter Expertise to Supplier facing colleagues in IT Service Management.
- Document compliance gaps and support external discussions with Third Parties.
Key Skills:
- Proven ability to drive and guide complex stakeholder groups.
- Experience in Supplier/Vendor management and Third Party Management processes.
- Understanding of regulatory environment in financial services, including Third Party Resilience regulations.
- Strong understanding of Third Party Risk frameworks and processes.
- Clear understanding of Technology services and resilience areas.
- Proven experience in IT Service Management and knowledge of ITIL principles.
- Ability to operate effectively within a risk and control management environment.
- Relevant certifications (e.g., ITIL v4) are advantageous.
Salary (Rate): £1000 per day
City: Sheffield
Country: United Kingdom
Working Arrangements: on-site
IR35 Status: inside IR35
Seniority Level: Mid-Level
Industry: IT
Detailed Description From Employer:
Role Title: Technology Third Party Operational Resilience Lead
Start Date: ASAP
End Date: November 2026
Location: Sheffield (3 Days per Week Onsite)
Rate: £1000p/d max via Umbrella
Role Description
We are seeking a highly capable SME who has expertise in both Third Party Operational Resilience and IT Service Management (ITSM) domains. The successful candidate will be instrumental in enhancing Third Party Operational Resilience delivery and oversight, including through the implementation of technology control resilience requirements, and help to shape this newly formed function to deliver exceptional service and build strong relationships across GCIO's Third Party management and broader business and technology service management communities.
Third Party Operational Resilience Responsibilities
- Oversee mapping and lineage between Technology Third Parties (including subcontractors / nth parties) and Technology Services, Important Business Services (IBS), Critical Operations (CO), and Critical or Important Functions (CIF) ensuring accurate identification, classification and consumption of Important Technology Third Party services.
- Oversight of Third Party Operational Resilience Vulnerability Assessment process for Important Technology suppliers and management of assessment output (including vulnerability determination and socialisation). This includes data collection, analysis, thematic reviews, and supporting key stakeholders in meeting their responsibilities.
- Manage and lead engagement with core stakeholder groups (Business Service Owners, Technology Business Service Leads, Entity OpRes Leads, IT Service Owners, Supplier Managers, etc.).
- Conduct Quality Assurance across processes, including analyse of data from multiple systems and offline sources to ensure Technology owned activities are accurate and meet expected standards.
- Consolidate information across Service Chains (Business Processes, Technology Assets, Third Party Services) to enable accurate and effective decision making and action execution.
- Act as key point of contact for Operational Resilience queries relating to Technology Third Parties.
- Ensure GCIO is compliant with all applicable regulatory and internal Operational Resilience requirements.
- Manage ad-hoc requests, including those from Regulators and Second & Third Lines of Defence.
- Support dedicated programmes of work and continuous improvement, such as uplifting Important Technology Third Party services to improve resiliency and enhancing processes and tooling.
- Play a core role in operational resilience continuity planning and testing, including through uplift of robust business continuity, disaster recovery and exit plans.
IT Service Management Resilience Control Responsibilities
- Act as a key central point of contact to consult with and provide Subject Matter Expertise to Supplier facing colleagues, supporting them in reviewing and analysing responses provided by Third Parties against technology resilience control requirements throughout the service lifecycle.
- Ensure analysis and identified gaps in compliance are clearly documented to provide a consumable and coherent view of the Third Party resilience position for stakeholders across various levels of seniority and ITSM proficiency, in order to agree required uplift with the Supplier.
- Support with external discussions and, where required, lead on engagement directly with Third Parties driving effective communication of analysis to establish and jointly agree uplift plans to embed resilience, utilising effective influencing skills to drive the right outcomes.
Essential Skillset/Experience
- Subject Matter Expert with proven ability to drive, challenge, align and guide complex stakeholder groups to assure resilient outcomes.
- Demonstrable experience in Supplier / Vendor management, and understanding of end-to-end Third Party Management processes and Technology supplier portfolios
- Understanding of the broader regulatory environment in the financial services or similarly heavily regulated sector, including specifically detailed understanding and knowledge of core Third Party Resilience regulations:
- PRA SS1/21 Operational resilience: Impact tolerances for important business services
- PRA SS2/21: Outsourcing and third party risk management
- Digital Operational Resilience Act (DORA)
- EBA Guidelines on outsourcing arrangements
- Hong Kong Monetary Authority (HKMA) Supervisory Policy: OR-2 on Operational Resilience
- Strong understanding of Third Party Risk frameworks and processes, including subcontracting / nth party management and key risk domains such as cybersecurity, business continuity, and data risk.
- Clear understanding of Technology services and core areas of technology resilience.
- Proven experience in IT Service Management with deep knowledge of ITIL principles and Technology controls across solution design and implementation, recovery from disruption and the operational environment.
- Ability to be highly effective within a risk and control management environment.
- Relevant certifications would be advantageous (such as ITIL v4).