Third-Party Security Manager
Contract
Abu Dhabi
13.10.2024
Role Purpose:
The Third-Party Security Manager is responsible for managing and overseeing third-party risk management and assisting in the review and maintenance of the third-party risk management framework to meet the Group's needs. This role involves supporting the Head of IS Third Party Security in making informed decisions regarding critical third-party vendors and proactively assessing associated risks.
Key Metrics:
- Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
- Percentage of implemented risk mitigation controls from the total number of planned controls.
- Number of third-party issues remediated within target dates.
- Percentage of compliance with relevant regulatory requirements.
Key Accountabilities of the Role:
- Execute and supervise business services, processes, and technologies to conduct business impact analyses.
- Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
- Conduct detailed technical security assessments for third-party security and business operations.
- Perform data privacy impact analyses and assist businesses and vendors in completing assessments as a subject matter expert.
- Manage assessment projects under GISD, ensuring quality and timeliness of delivery.
- Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects per departmental plans.
- Collaborate with internal audit, business units, and risk management teams to align third-party security requirements and mitigating controls.
- Execute technical security assessments for third-party security, reporting findings to GISD leadership and relevant teams.
- Maintain documentation related to the third-party security unit, including policies, procedures, and frameworks.
- Keep the third-party asset criticality register updated with vendor details periodically.
- Report and notify relevant units within GISD of all third-party issues and risks.
- Document and maintain all issues in the third-party issues register.
- Follow up regularly with business units on third-party issues and their action plans.
- Support digital security and cloud security initiatives and participate in the bank's digital transformation efforts.
- Ensure that third-party ecosystems are adequately protected and that security controls are followed by all third parties accessing bank data.
- Assist in maintaining the third-party security risk management framework aligned with the ORM framework.
- Develop and assist in reporting on third-party security KPIs and KRIs through dashboards for various forums.
- Communicate third-party risks and remediation plans to relevant stakeholders and ensure follow-up on implementation.
- Measure, monitor, and report on third-party risks.
- Engage staff and vendors to develop risk mitigation plans for identified risks in vendor reviews.
- Monitor and report on the execution of information security risk mitigation plans.
Specialist Skills / Technical Knowledge Required for This Role:
- Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, and excellent communication abilities.
- Strong knowledge of banking processes, information security technologies, and risk management practices.
- Bachelor's degree in business, technology, or a related field, or equivalent relevant work experience.
- Knowledge of information security risks, controls, and protecting PII in compliance with local and global laws.
- Strong interpersonal and presentation skills; ability to engage effectively with stakeholders.
- Experience in the banking and financial services sector preferred.
- Fluent in English.
Certifications Required:
- Mandatory: Certified in Risk and Information Systems Control (CRISC) and Certified Information Security Manager (CISM).
- Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor.
Previous Experience:
- Minimum of 8-12 years in information security, risk management, and related fields; banking experience is mandatory.
- At least 5 years of direct information security experience.
- Preferred: 5 years in information technology.
- Experience with GRC/privacy tools and platforms.
- Strong communication and interpersonal skills.
- Proficient in Microsoft Office (Word, Excel, PowerPoint).
- Strong project management and coordination experience.