الوظائف الحالية

اكتشف و تقدم بالطلب الآن

Third-Party Security Manager

Contract
Abu Dhabi, United Arab Emirates
13.10.2024

Third-Party Security Manager

 Abu Dhabi, United Arab Emirates

 

Contract

Role Purpose:
The Third-Party Security Manager is responsible for managing and overseeing third-party risk management and assisting in the review and maintenance of the third-party risk management framework to meet the Group's needs. This role involves supporting the Head of IS Third Party Security in making informed decisions regarding critical third-party vendors and proactively assessing associated risks.

Key Metrics:

  • Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
  • Percentage of implemented risk mitigation controls from the total number of planned controls.
  • Number of third-party issues remediated within target dates.
  • Percentage of compliance with relevant regulatory requirements.

Key Accountabilities of the Role:

  • Execute and supervise business services, processes, and technologies to conduct business impact analyses.
  • Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
  • Conduct detailed technical security assessments for third-party security and business operations.
  • Perform data privacy impact analyses and assist businesses and vendors in completing assessments as a subject matter expert.
  • Manage assessment projects under GISD, ensuring quality and timeliness of delivery.
  • Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects per departmental plans.
  • Collaborate with internal audit, business units, and risk management teams to align third-party security requirements and mitigating controls.
  • Execute technical security assessments for third-party security, reporting findings to GISD leadership and relevant teams.
  • Maintain documentation related to the third-party security unit, including policies, procedures, and frameworks.
  • Keep the third-party asset criticality register updated with vendor details periodically.
  • Report and notify relevant units within GISD of all third-party issues and risks.
  • Document and maintain all issues in the third-party issues register.
  • Follow up regularly with business units on third-party issues and their action plans.
  • Support digital security and cloud security initiatives and participate in the bank's digital transformation efforts.
  • Ensure that third-party ecosystems are adequately protected and that security controls are followed by all third parties accessing bank data.
  • Assist in maintaining the third-party security risk management framework aligned with the ORM framework.
  • Develop and assist in reporting on third-party security KPIs and KRIs through dashboards for various forums.
  • Communicate third-party risks and remediation plans to relevant stakeholders and ensure follow-up on implementation.
  • Measure, monitor, and report on third-party risks.
  • Engage staff and vendors to develop risk mitigation plans for identified risks in vendor reviews.
  • Monitor and report on the execution of information security risk mitigation plans.

Specialist Skills / Technical Knowledge Required for This Role:

  • Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, and excellent communication abilities.
  • Strong knowledge of banking processes, information security technologies, and risk management practices.
  • Bachelor's degree in business, technology, or a related field, or equivalent relevant work experience.
  • Knowledge of information security risks, controls, and protecting PII in compliance with local and global laws.
  • Strong interpersonal and presentation skills; ability to engage effectively with stakeholders.
  • Experience in the banking and financial services sector preferred.
  • Fluent in English.

Certifications Required:

  • Mandatory: Certified in Risk and Information Systems Control (CRISC) and Certified Information Security Manager (CISM).
  • Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor.

Previous Experience:

  • Minimum of 8-12 years in information security, risk management, and related fields; banking experience is mandatory.
  • At least 5 years of direct information security experience.
  • Preferred: 5 years in information technology.
  • Experience with GRC/privacy tools and platforms.
  • Strong communication and interpersonal skills.
  • Proficient in Microsoft Office (Word, Excel, PowerPoint).
  • Strong project management and coordination experience.