
Ethics & Compliance Third Party Risk Management Lead (Four Years Contract)

Job Id: PDO2243
Start Date: Apr 13, 2025
End Date: Apr 22, 2025
Company Name: Petroleum Development Oman
Discipline: Legal
No. of Positions: 1
Position Type: Temporary
Job Type: Not Specified
Nationality Required
Education & Experience Required
Education
Experience

Job Description

About the Company

Petroleum Development Oman is the leading exploration and production company in the Sultanate of Oman. The Company delivers the majority of the country's crude oil production and natural gas supply.

Purpose of the Job

The Third-Party Risk Management Lead is responsible for overseeing and managing the organization’s third-party risk management (TPRM) program. This role involves evaluating and mitigating risks associated with any third-party engagements, including suppliers, vendors, contractors, government bodies, entities, and other partners, ensuring compliance with regulatory requirements, and safeguarding the organization’s assets and reputation.

Education & Experience

  • Bachelor’s degree in Business Administration, Legal, Risk Management, Finance, or a related field.
  • Professional certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Risk Management Professional (CRMP) are desirable.
  • Minimum of 10 years of experience in third-party risk management, vendor management, or a related field. Experience in the oil and gas sector is preferred.
  • Strong understanding of risk management principles, regulatory requirements, and industry best practices.
  • Strong knowledge and understanding of third-party risk management, including risk assessment, due diligence, and monitoring.
  • In-depth understanding of procurement and commercial processes.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Effective communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.
  • Experience with risk management tools and technologies is a plus.
  • Familiarity with data analysis techniques and tools.

Main Responsibilities

 

1. Program Development and Implementation

  • Develop and implement a comprehensive third-party risk management (TPRM) framework, policies, and procedures.
  • Establish risk assessment methodologies and criteria for evaluating third-party vendors.
  • Ensure the TPRM program aligns with the organization’s risk appetite and regulatory requirements.

2. Risk Assessment and Mitigation

  • Conduct thorough risk assessments of third-party vendors, including due diligence and ongoing monitoring.
  • Identify potential risks (e.g., operational, financial, reputational, compliance) and develop mitigation strategies.
  • Collaborate with internal stakeholders (e.g., Integrated Supply Chain, External Relationships, Contract Owners and Holders) to ensure risk mitigation measures are implemented effectively.

3. Due Diligence

  • Oversee the due diligence process for onboarding new third parties.
  • Ensure all third parties comply with the PDO Code of Conduct, policies, ethical standards, and regulatory requirements.
  • Conduct periodic reviews and audits of third-party performance and risk exposure.

4. Vendor Management

  • Establish and maintain relationships with third-party vendors and partners.
  • Conduct periodic/ad hoc reviews and compliance audits of third-party vendors to ensure adherence to the organization's standards.
  • Implement continuous monitoring processes to track third-party risk indicators.
  • Prepare and present regular risk reports to senior management and relevant stakeholders.
  • Lead investigations into incidents involving third parties, including breaches of contract, compliance violations, and ethical issues.
  • Develop and implement corrective action plans to address identified risks and prevent recurrence.

5. Regulatory Compliance

  • Stay updated on relevant regulatory requirements and industry best practices related to third-party risk management.
  • Ensure the organization complies with applicable laws, regulations, and standards.
  • Prepare and present reports on third-party risk management activities to senior management and regulatory bodies.

6. Training and Awareness

  • Develop and deliver training programs to educate internal stakeholders on third-party risk management policies and procedures.
  • Promote awareness of third-party risk management across the organization.

7. Incident Management

  • Respond to third-party risk incidents, support internal investigations conducted by the E&C Investigations Team, and develop corrective action plans.
  • Coordinate with legal, compliance, and other relevant departments to address and resolve issues.

Skills Required

Other Job Details