Head of Third-Party Risk Management at NEOM (2023-02 – 2026-02)
Appointed to establish and lead the enterprise-wide Third-Party Risk Management function across a sovereign giga-project of unprecedented scale. Held full decision authority for third-party risk strategy, governance, and lifecycle execution across all suppliers, investors, joint ventures, and strategic partners. Operated within highly sensitive sovereign, infrastructure, smart-city, and national transformation environments with heightened governance, resilience, and reputational requirements.
Designed and embedded a regulatory-aligned, enterprise operating model integrated into procurement and executive governance, transforming fragmented supplier oversight into a centralised, risk-based TPRM capability. Acted as the enterprise escalation point for material supplier risk, advising executive leadership on sovereign exposure, regulatory risk, and risk-based decision making.
- Enterprise remit across all NEOM delivery programmes
- 40,000+ suppliers assessed across full lifecycle
- 500,000+ adverse media items processed
- Led a 30-person function including internal teams, MSPs, and specialist data providers
- Transformed early-stage TPRM into a regulatory-aligned enterprise operating model
- Delivered 40% cost reduction and 60% increase in processing throughput
- Established TPRM as a core governance pillar across procurement, risk, and executive forums
- Defined the enterprise TPRM strategy, mandate, policy framework, and lifecycle controls, establishing NEOM's first centralised third-party risk capability
- Established governance forums, reporting suites, escalation routes, and decision rights, embedding TPRM into procurement governance, executive routines, and enterprise risk structures
- Acted as authoritative SME to Executive Management, CRO, CISO, COO/DCEO, CPO, CFO, Internal Audit, and risk committees
- Owned and maintained the corporate TPRM framework, ensuring alignment with KSA regulatory and compliance obligations, including: NCA Essential Cybersecurity Controls and cloud hosting requirements; PDPL and SDAIA data governance requirements; Global Reporting Initiative (GRI) Standards: Sustainability
- Integrated international standards and assurance frameworks (e.g. BSI)
- Led enterprise responses to NIA, regulatory reviews, and compliance assurance
- Owned the end-to-end third-party lifecycle, including demand intake, due diligence, risk assessment, controls validation, contractual requirements, onboarding approvals, continuous monitoring, recertification, issue management, remediation, and offboarding
- Ensured baseline controls covered cybersecurity, data privacy, operational resilience, financial crime, ESG/sustainability, ethics, compliance, and sector-specific requirements
- Embedded TPRM controls directly into procurement and sourcing workflows, reducing duplication and improving time-to-contract
- Established and chaired the enterprise Consequence Management Forum (CMF) for third-party incidents, misconduct, and material risk events
- Owned enforcement triggers, escalation paths, remediation actions, and executive sign-off
- Maintained incident runbooks, resilience dependencies, and playbooks for supplier-related disruptions
- Owned enterprise TPRM reporting, including dashboards, KRIs/KPIs, heat maps, risk registers, onboarding SLAs, and incident reporting
- Ensured data quality, traceability, and audit defensibility of all third-party risk decisions
- Built and scaled the TPRM function, defining role design, resourcing model, delivery partners, performance metrics, and operating cadence
- Owned the TPRM budget, supplier contracts, tooling, managed services, and continuous improvement roadmap
Managing Director at DK Vendor Management Consultants Ltd (2019-03 – 2023-02)
Founder-led consultancy delivering senior advisory and hands-on transformation of TPRM frameworks across Tier 1 financial institutions.
- London Stock Exchange Group (LSEG): Senior Cyber Risk Project Manager. Led a 12-month programme assessing cyber and technology risk across 3,000 active vendors, supporting regulatory assurance and risk remediation planning.
- Tandem Bank: Vendor Risk Consultant. Delivered a rapid (12-week) assurance review of the vendor risk framework against regulatory expectations, identifying control gaps and remediation actions.
- Deutsche Bank: TPRM Consultant. Embedded within the Non-Financial Risk function to develop, govern, and operate group-wide TPRM activities.
- Jefferies: Outsourcing Consultant. Led an 8-month global enhancement of outsourcing and TPRM controls, including establishment of the Frankfurt TPRM operation.
- First Abu Dhabi Bank: Lead Outsourcing Consultant. Partnered with COO and Procurement leadership to enhance outsourcing governance and regulatory alignment.
Global Head of Vendor Risk Management, Associate Director at SMBC Nikko Capital Markets Ltd (2017-07 – 2019-03)
- Accountable for vendor risk and outsourcing oversight across 22 EMEA branches and subsidiaries
- Directed global vendor risk governance, policy, and operating standards
- Revised UK and EMEA outsourcing approach to align with SYSC 8
- Led the establishment of Frankfurt TPRM operations as part of EU regulatory restructuring
- Satisfied FCA findings following a Supervisory Review & Evaluation Process (SREP) and Section 166 notice
EMEA Supplier Governance & Oversight, Vice President at Royal Bank of Canada Capital Markets (2015-08 – 2017-07)
- Designed and implemented an EMEA-wide supplier governance framework
- Risk-based focus: onboarding, oversight, and termination
- Balanced regulatory compliance with cost efficiency and supplier resilience
EMEA Vendor Risk Manager, Associate Director at Bank of Tokyo Mitsubishi UFJ (2014-06 – 2015-07)
- Led the design and implementation of the UK Vendor Risk Management framework
- Delivered enterprise-wide change programme to embed new tools, controls, and policies
- Acted as primary interface with audit and compliance stakeholders
Global Supply Chain Manager at Direct Line Group (2011-06 – 2014-05)
- Category Manager across Canada and EMEA, focused on cost, compliance, and customer outcomes
- Developed, introduced, and embedded a Vendor Management framework and category strategy
Senior Programme Manager, Director at AT&T (2009-11 – 2010-11)
- Novated 204 vendor contracts following change of outsource provider (total contract value USD 64m)
- Managed seven direct reports across London, New Jersey, and Singapore
Vice President at Credit Suisse Securities (Europe) Limited (2000-01 – 2008-06)
- Managed strategic technology and supplier operations across EMEA
- Oversaw telecoms and infrastructure supplier governance
- Led operational teams supporting London campus environments