Third Party Risk Management Lead

About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure. Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI. Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D. The role We are seeking a strategic and hands-on Third-Party Risk Management (TPRM) Lead to design, build, and lead a best-in-class global TPRM function. This role will be responsible for establishing the framework, governance, and operating model to identify, assess, mitigate, and monitor risks associated with third parties (including customers) across diverse business models, including B2B and B2C. The role also encompasses oversight of customer and partner risk and compliance domains, including Anti-Bribery & Corruption (ABAC), Sanctions, Export Controls, Anti-Money Laundering (AML), Human Rights, and responsible/ethical AI considerations. A key dimension of the role includes embedding industry risk assessments (e.g., high-risk sectors, dual-use technologies, regulated industries) into onboarding, due diligence, and ongoing monitoring processes. A critical component of the role includes supporting third-party and due diligence efforts in the context of mergers and acquisitions (M&A), ensuring that external risks are effectively evaluated and integrated into deal decision-making and post-transaction planning. This role will play a key part in scaling and maturing Nebius’ TPRM capabilities in line with rapid business growth and evolving regulatory expectations. Your responsibilities will include:  Strategy & Leadership Design and implement Nebius’ global Third-Party, Customer, and Customer Risk Management framework, incorporating industry risk, aligned with regulatory expectations and industry best practices Build and lead a high-performing risk team spanning third-party, customer, and partner risk domains Act as an advisor on risk exposure (vendors, customers, partners, resellers, distributors) across industries and geographies Define and track KPIs/KRIs to measure program effectiveness and maturity Define and implement TPRM systems, tooling, and workflow automation to support scalable onboarding, due diligence, and monitoring processes Third-Party, Customer, Partner & Industry Risk Lifecycle Management Establish end-to-end processes for onboarding, risk assessment, due diligence, contracting, monitoring, and offboarding across: Third-party vendors and suppliers Customers (B2B and B2C) Intermediaries such as partners, resellers, distributors, and agents Develop risk tiering methodologies that incorporate: Relationship type (supplier, customer, intermediary) Business model (B2B, B2C) Industry/sector risk (e.g., financial services, pharmaceutical, crypto, AI, telecommunications) Geographic exposure and regulatory risk Oversee due diligence processes, including KYC/KYB, beneficial ownership analysis, sanctions screening, and industry risk profiling Implement enhanced due diligence for high-risk industries, intermediaries, and jurisdictions Ensure ongoing monitoring, including adverse media screening, transaction-based triggers, sector-specific red flags, and periodic reviews Integrate risk processes with procurement, sales, partnerships, legal, compliance, and security functions Compliance & Industry Risk Lead and oversee compliance frameworks and controls across: Anti-Bribery & Corruption (ABAC), with emphasis on high-risk industries and third-party intermediaries Sanctions compliance, including sectoral sanctions and restricted industries Export controls, including dual-use goods/technology and industry-specific restrictions Anti-Money Laundering (AML) / Counter-Terrorist Financing (CTF), including sector-driven risk indicators Human Rights & ESG risks, including supply chain exposure in high-risk industries Responsible AI risk, including use cases and customers in sensitive or regulated sectors Provide risk guidance on entering or expanding into higher-risk industries or customer segments Escalate material risks to senior governance forums and recommend mitigation or risk acceptance strategies M&A Due Diligence Lead third-party, customer, partner, and industry risk due diligence for M&A transactions Partner with corporate development, regulatory and business teams to assess: Vendor and supplier ecosystems Customer portfolios (B2B and B2C exposure) Partner, reseller, and distribution networks Industry concentration risks and exposure to high-risk sectors Exposure to sanctions, AML, ABC, export control, human rights, and AI-related risks Identify potential liabilities, contractual risks, and compliance gaps, including those driven by industry exposure Support integration planning by aligning acquired entities with Nebius’ risk and compliance standards Governance, Risk & Reporting Develop and maintain policies, standards, and procedures covering third-party, customer, partner, and industry risk Ensure compliance with applicable regulations and standards (e.g., AML directives, sanctions regimes, export control laws, ESG frameworks, AI governance standards) Prepare reporting and materials for senior management, risk committees, and board-level stakeholders, including insights on industry risk exposure Stakeholder Management Collaborate closely with Procurement, Sales, Legal, Compliance, Information Security, Privacy, Finance, and business units Act as the primary point of contact for third-party, customer, partner, and industry risk matters across the organization Engage with partners, and auditors as needed Technology & Data Leverage existing screening tools (e.g., Dow Jones) and enhance their use within the broader TPRM framework Define and implement scalable workflows, automation, and system integrations to support third-party and customer risk management Drive the evolution of TPRM tooling and data capabilities in line with business growth We expect you to have:  Degree in business, law or relevant compliance field 10+ years of experience in third-party risk, financial crime compliance, or enterprise risk management Proven experience building and scaling TPRM and/or customer due diligence programs in a global organization Strong expertise in ABAC, sanctions, export controls, and broader compliance frameworks Experience managing risk across different business models (B2B, B2C) and complex partner ecosystems (resellers, distributors, agents) Experience supporting M&A transactions, including due diligence and integration Deep understanding of regulatory expectations across key jurisdictions (e.g., EU, US, UK) Competencies: Demonstrated leadership experience, including building and managing teams Strategic thinker with strong execution capabilities Excellent stakeholder management and communication skills, including at senior management Strong analytical, investigative, and risk assessment skills Ability to operate in a dynamic, high-growth environment High level of integrity and sound judgment Benefits & Perks: Competitive compensation Career growth and learning opportunities Flexibility and work-life balance Collaborative and innovative culture Opportunity to work on impactful AI projects International environment and talented teams What's it like to work at Nebius: Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI  Equal Opportunity Statement: Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law. Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire.  If you need accommodations during the application process, please let us know. Offices: (Netherlands);