TPRM / DORA Cybersecurity Consultant
Indeed
Full-time
Onsite
No experience limit
No degree limit
C. San Juan de la Cruz, 10, 28223 Pozuelo de Alarcón, Madrid, Spain
Description

Job Summary: We are seeking a Third Party Risk Management (TPRM) specialist with experience in end-to-end DORA implementation within the financial sector, leading the adaptation of third-party risk frameworks and ICT controls.

Key Highlights:
1. Leadership in DORA implementation for third-party risk.
2. Design and implementation of a DORA-aligned TPRM model.
3. Continuous training in operational resilience and financial regulation.

TPRM and Third-Party Risk Specialist | DORA Implementation

Excelia is a leading multinational firm in Consulting, Technology, and Professional Services, with over 25 years of excellence-driven history! We operate in more than 50 countries across Europe, Latin America, and the United States, from our 9 strategically located offices.

We are currently seeking a professional specialized in Third Party Risk Management (TPRM), with direct experience in end-to-end implementation of the Digital Operational Resilience Act (DORA) within financial sector entities. The role calls for proven experience leading the adaptation of third-party risk frameworks, outsourcing processes, and ICT controls to European regulatory requirements, ensuring regulatory compliance and operational resilience.

Responsibilities

- Leadership in implementing the DORA framework within the scope of third-party risk, including regulatory gap analysis, roadmap definition, and execution of the adaptation plan.
- Design and implementation of a DORA-aligned TPRM model, incorporating Regulatory Technical Standards (RTS) and EBA Guidelines on Outsourcing.
- Adaptation and updating of policies, procedures, and controls for critical suppliers in accordance with DORA requirements.
- Identification and classification of Critical or Important Functions (CIF) and critical ICT providers.
- Design and maintenance of the third-party information register mandated by DORA.
- Execution of enhanced due diligence on critical ICT providers and assessment of concentration risk.
- Definition of mandatory DORA contractual clauses in coordination with Legal and Procurement teams.
- Implementation of continuous monitoring processes, periodic re-evaluations, and regulatory reporting.
- Participation in operational resilience testing and coordination of incident scenarios involving third parties.
- Preparation of documentation and evidence for supervisors and regulatory audits.

Requirements

Experience and Key Skills

- Demonstrable experience in practical DORA implementation, particularly within the pillar of third-party ICT risk management.
- Experience conducting DORA gap assessments, defining action plans, and tracking them to closure.
- In-depth knowledge of DORA RTS, EBA Guidelines on Outsourcing, NIS2, and ISO 27001.
- Experience managing ICT suppliers in regulated environments (financial, fintech, insurance).
- Ability to translate complex regulatory requirements into operational processes and measurable controls.
- Executive communication skills for reporting to senior management and governance bodies.
- Structured, analytical profile oriented toward compliance and resilience.

Location

Madrid, with a hybrid working model (1 day per week onsite).

What We Offer

- Stable employment with an international company delivering strategic projects in the financial sector.
- Salary band commensurate with your experience and professional trajectory.
- Flexible compensation.
- Continuous training in operational resilience, financial regulation, and ICT risk management.
- ⏰ Flexible working hours and a hybrid work model.

Source: Indeed
David Muñoz
Indeed · HR

© 2025 Servanan International Pte. Ltd.