الوظائف الحالية

اكتشف و تقدم بالطلب الآن

Manager - Third Party Risk Management

Permanent
Abu Dhabi, United Arab Emirates
13.10.2024

Manager - Third Party Risk Management

 Abu Dhabi, United Arab Emirates

 

Permanent

Job Title: Third-Party Security Manager

Role Purpose:
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management. This role involves reviewing and maintaining the third-party risk management framework to meet the Group’s needs and requirements. The manager will assist in making informed decisions regarding strategic critical third-party vendors and proactively assessing risks.

Key Metrics:

  • Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
  • Percentage of implemented risk mitigation controls out of the total number planned.
  • Number of third-party issues remediated within target dates.
  • Percentage of compliance with relevant regulatory requirements.

Key Accountabilities:

  • Execute and supervise business services, processes, and technologies to conduct business impact analyses.
  • Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
  • Conduct detailed technical security assessments for third-party security and business operations.
  • Perform data privacy impact analyses and assist businesses and vendors as a subject matter expert (SME) in completing assessments.
  • Execute assessment projects under GISD, ensuring quality and timely delivery.
  • Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects as per departmental plans.
  • Collaborate with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, and mitigating controls, including monitoring and reporting on effectiveness.
  • Execute technical security assessments for third-party security, reporting outputs to GISD leadership and relevant teams for timely resolution.
  • Maintain all documentation related to third-party security, including policies, procedures, and frameworks.
  • Update and maintain the third-party asset criticality register with the latest vendor details periodically.
  • Document and maintain a register of third-party issues, ensuring all details are recorded.
  • Regularly follow up with business units on third-party issues, action plans, and target dates.
  • Support the Digital Security and Cloud Security initiatives, working with the Head of IS Third Party Security.
  • Participate in the bank’s digital transformation and cloud security initiatives as required.
  • Ensure adequate protection of the bank’s third-party ecosystem, with appropriate security controls followed by third parties accessing bank data.
  • Maintain the third-party security risk management framework aligned with the ORM framework.
  • Assist in developing strategic, tactical, and third-party risk dashboard reports.
  • Stay updated on global and regional information security threats through threat intelligence reports.
  • Manage the implementation of systems and tools to automate the third-party security risk management cycle.
  • Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines based on risk assessment findings.
  • Develop and report on third-party security KPIs and KRIs, including monthly and weekly dashboards.
  • Communicate third-party risks and remediation plans to relevant internal/external stakeholders, following up on implementation.
  • Measure, monitor, and report on third-party risks.
  • Engage staff and vendors to develop information security risk mitigation plans based on vendor risk reviews.
  • Monitor and report on the execution of information security risk mitigation plans.

Specialist Skills / Technical Knowledge Required:

  • Expert knowledge of information security systems and procedures.
  • Strong analytical and problem-solving skills, along with excellent communication skills.
  • Expertise in computer networks and cloud security.
  • Comprehensive knowledge of banking processes and information security technologies.
  • Bachelor’s degree in business, technology, or a related field, or equivalent experience.
  • Knowledge of information security risks, controls, and trends, especially concerning PII protection in alignment with laws.
  • Strong interpersonal and presentation skills with experience engaging stakeholders.
  • Experience in the banking and financial services sector preferred.
  • Fluent in English for effective communication.

Certifications:

  • Mandatory: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM).
  • Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 LA.

Previous Experience:

  • Minimum of 8-12 years in information security, risk management, or related fields, with banking experience mandatory.
  • At least five years in information security roles.
  • Preferred: Minimum of five years in information technology roles.
  • Experience with the information security risk management life cycle and GRC/privacy tools and platforms.
  • Strong project management and coordination skills.
  • Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
  • Excellent verbal and written communication and interpersonal skills.