Senior Manager Vendor & Outsourcing Steering
Solaris is Europe's leading embedded finance platform. Solaris' full German banking license and proprietary modular B2B tech stack empower its partners - from SMEs to large, multinational, non-financial companies - to offer compliant, customer-centric banking services, providing seamless experiences to customers across all industries. Founded in 2016, Solaris pioneered the Banking-as-a-Service market with an unparalleled combination of tech and banking. Solaris is headquartered in Berlin and employs 300 people in Europe.

We are seeking a highly experienced and strategic Senior Manager for Vendor and Outsourcing Management to drive our outsourcing and third-party risk management initiatives within the 1st Line of Defense (1LoD). In this critical role, you will be responsible for the end-to-end lifecycle management of our critical ICT (Information and Communication Technology) and non-ICT service providers.

As a German financial institution, we operate in a strict regulatory environment. You will ensure that our vendor ecosystem is fully compliant with internal risk appetites as well as crucial external regulatory frameworks, most notably the Digital Operational Resilience Act (DORA), the EBA AI Act and the outsourcing-related regulation MaRisk (AT 9).

Your Role

1st Line of Defense Ownership: Act as the primary risk owner for assigned third-party vendor relationships, identifying, assessing, and mitigating vendor-related risks in alignment with the bank's enterprise risk management framework.

DORA & Regulatory Compliance: Ensure all ICT third-party relationships comply with DORA requirements. Maintain the bank's Information Register for all ICT third-party arrangements and ensure appropriate contractual provisions are implemented and monitored.

Outsourcing Lifecycle Management: Oversee the entire vendor lifecycle (initiation, due diligence, onboarding, continuous monitoring, and exit strategies) for critical and important outsourcing functions according to applicable guidelines.

Performance & SLA Management: Establish, negotiate, and monitor strict Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). Conduct regular business reviews with key vendors to drive performance and resolve operational issues.

Contract Negotiation: Partner with Legal and Procurement teams to negotiate vendor contracts, ensuring all regulatory clauses (e.g., audit rights, sub-outsourcing restrictions, data protection, and exit plans) are robustly integrated.

Risk Mitigation & Incident Response: Collaborate closely with the 2nd Line of Defense (Risk, Compliance, InfoSec) to remediate audit findings. Ensure vendors have tested and proven Business Continuity and Disaster Recovery plans in place.

Stakeholder Management: Act as the central point of contact between internal business owners, external vendors, and 2nd/3rd line control functions. Advise senior management on vendor risk exposure and strategic sourcing decisions.

We'd love to see

Depending on your level of experience, your responsibilities and the scope of your role will vary. We don't care much about fancy titles, but rather about real personal and professional development, as laid out in our learning framework. Let's figure out together how you can contribute to our team.

Master's or Bachelor's degree in Business Administration, Information Technology, Finance, Law, or a related discipline.

7-10 years of experience in Vendor Management, Third-Party Risk Management (TPRM), Procurement, or IT Service Management within the financial services/banking sector.

Proven track record working directly within a 1st Line of Defense function, taking ownership of operational processes and the associated risks.

Deep, practical understanding of European and German banking regulations regarding outsourcing and IT security. Specifically: DORA, EBA Guidelines on Outsourcing, MaRisk (particularly AT 9).

Extensive experience in negotiating complex IT and business process outsourcing (BPO) contracts, including cloud service agreements (SaaS, PaaS, IaaS).

Demonstrated ability to lead cross-functional initiatives, influence stakeholders without direct authority, and drive a culture of risk awareness.

Business fluency in German and English (both written and spoken) is mandatory for interacting with local regulators (BaFin) and global vendors.

Industry-recognized certifications in risk management, audit, or service management (e.g., CISM, CISA, CRISC, ITIL, or specialized TPRM certifications) are highly desirable and a strong plus.

Strong ability to analyze complex vendor risk assessments, SOC reports, and financial health metrics.

Pragmatic and proactive approach to resolving vendor-related operational incidents and supply chain disruptions.