Third Party Risk Management Lead

The role

We are seeking a strategic and hands-on Third-Party Risk Management (TPRM) Lead to design, build, and lead a best-in-class global TPRM function. This role will be responsible for establishing the framework, governance, and operating model to identify, assess, mitigate, and monitor risks associated with third parties (including customers) across diverse business models, including B2B and B2C.

The role also encompasses oversight of customer and partner risk and compliance domains, including Anti-Bribery & Corruption (ABAC), Sanctions, Export Controls, Anti-Money Laundering (AML), Human Rights, and responsible/ethical AI considerations. A key dimension of the role includes embedding industry risk assessments (e.g., high-risk sectors, dual-use technologies, regulated industries) into onboarding, due diligence, and ongoing monitoring processes.

A critical component of the role includes supporting third-party and due diligence efforts in the context of mergers and acquisitions (M&A), ensuring that external risks are effectively evaluated and integrated into deal decision-making and post-transaction planning.

This role will play a key part in scaling and maturing Nebius’ TPRM capabilities in line with rapid business growth and evolving regulatory expectations.

Your responsibilities will include: 

Strategy & Leadership

• Design and implement Nebius’ global Third-Party, Customer, and Customer Risk Management framework, incorporating industry risk, aligned with regulatory expectations and industry best practices
• Build and lead a high-performing risk team spanning third-party, customer, and partner risk domains
• Act as an advisor on risk exposure (vendors, customers, partners, resellers, distributors) across industries and geographies
• Define and track KPIs/KRIs to measure program effectiveness and maturity
• Define and implement TPRM systems, tooling, and workflow automation to support scalable onboarding, due diligence, and monitoring processes

Third-Party, Customer, Partner & Industry Risk Lifecycle Management

• Establish end-to-end processes for onboarding, risk assessment, due diligence, contracting, monitoring, and offboarding across:
• Third-party vendors and suppliers
• Customers (B2B and B2C)
• Intermediaries such as partners, resellers, distributors, and agents
• Develop risk tiering methodologies that incorporate:
• Relationship type (supplier, customer, intermediary)
• Business model (B2B, B2C)
• Industry/sector risk (e.g., financial services, pharmaceutical, crypto, AI, telecommunications)
• Geographic exposure and regulatory risk
• Oversee due diligence processes, including KYC/KYB, beneficial ownership analysis, sanctions screening, and industry risk profiling
• Implement enhanced due diligence for high-risk industries, intermediaries, and jurisdictions
• Ensure ongoing monitoring, including adverse media screening, transaction-based triggers, sector-specific red flags, and periodic reviews
• Integrate risk processes with procurement, sales, partnerships, legal, compliance, and security functions

Compliance & Industry Risk

• Lead and oversee compliance frameworks and controls across:
• Anti-Bribery & Corruption (ABAC), with emphasis on high-risk industries and third-party intermediaries
• Sanctions compliance, including sectoral sanctions and restricted industries
• Export controls, including dual-use goods/technology and industry-specific restrictions
• Anti-Money Laundering (AML) / Counter-Terrorist Financing (CTF), including sector-driven risk indicators
• Human Rights & ESG risks, including supply chain exposure in high-risk industries
• Responsible AI risk, including use cases and customers in sensitive or regulated sectors
• Provide risk guidance on entering or expanding into higher-risk industries or customer segments
• Escalate material risks to senior governance forums and recommend mitigation or risk acceptance strategies

M&A Due Diligence

• Lead third-party, customer, partner, and industry risk due diligence for M&A transactions
• Partner with corporate development, regulatory and business teams to assess:
• Vendor and supplier ecosystems
• Customer portfolios (B2B and B2C exposure)
• Partner, reseller, and distribution networks
• Industry concentration risks and exposure to high-risk sectors
• Exposure to sanctions, AML, ABC, export control, human rights, and AI-related risks
• Identify potential liabilities, contractual risks, and compliance gaps, including those driven by industry exposure
• Support integration planning by aligning acquired entities with Nebius’ risk and compliance standards

Governance, Risk & Reporting

• Develop and maintain policies, standards, and procedures covering third-party, customer, partner, and industry risk
• Ensure compliance with applicable regulations and standards (e.g., AML directives, sanctions regimes, export control laws, ESG frameworks, AI governance standards)
• Prepare reporting and materials for senior management, risk committees, and board-level stakeholders, including insights on industry risk exposure

Stakeholder Management

• Collaborate closely with Procurement, Sales, Legal, Compliance, Information Security, Privacy, Finance, and business units
• Act as the primary point of contact for third-party, customer, partner, and industry risk matters across the organization
• Engage with partners, and auditors as needed

Technology & Data

• Leverage existing screening tools (e.g., Dow Jones) and enhance their use within the broader TPRM framework
• Define and implement scalable workflows, automation, and system integrations to support third-party and customer risk management
• Drive the evolution of TPRM tooling and data capabilities in line with business growth

We expect you to have: 

• Degree in business, law or relevant compliance field
• 10+ years of experience in third-party risk, financial crime compliance, or enterprise risk management
• Proven experience building and scaling TPRM and/or customer due diligence programs in a global organization
• Strong expertise in ABAC, sanctions, export controls, and broader compliance frameworks
• Experience managing risk across different business models (B2B, B2C) and complex partner ecosystems (resellers, distributors, agents)
• Experience supporting M&A transactions, including due diligence and integration
• Deep understanding of regulatory expectations across key jurisdictions (e.g., EU, US, UK)

Competencies:

• Demonstrated leadership experience, including building and managing teams
• Strategic thinker with strong execution capabilities
• Excellent stakeholder management and communication skills, including at senior management
• Strong analytical, investigative, and risk assessment skills
• Ability to operate in a dynamic, high-growth environment
• High level of integrity and sound judgment