Manager - Third Party Risk Management
Permanent
Abu Dhabi, NONE
13.10.2024
Job Title: Third-Party Security Manager
Role Purpose:
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management. This role involves reviewing and maintaining the third-party risk management framework to meet the Group’s needs and requirements. The manager will assist in making informed decisions regarding strategic critical third-party vendors and proactively assessing risks.
Key Metrics:
- Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
- Percentage of implemented risk mitigation controls out of the total number planned.
- Number of third-party issues remediated within target dates.
- Percentage of compliance with relevant regulatory requirements.
Key Accountabilities:
- Execute and supervise business services, processes, and technologies to conduct business impact analyses.
- Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
- Conduct detailed technical security assessments for third-party security and business operations.
- Perform data privacy impact analyses and assist businesses and vendors as a subject matter expert (SME) in completing assessments.
- Execute assessment projects under GISD, ensuring quality and timely delivery.
- Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects as per departmental plans.
- Collaborate with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, and mitigating controls, including monitoring and reporting on effectiveness.
- Execute technical security assessments for third-party security, reporting outputs to GISD leadership and relevant teams for timely resolution.
- Maintain all documentation related to third-party security, including policies, procedures, and frameworks.
- Update and maintain the third-party asset criticality register with the latest vendor details periodically.
- Document and maintain a register of third-party issues, ensuring all details are recorded.
- Regularly follow up with business units on third-party issues, action plans, and target dates.
- Support the Digital Security and Cloud Security initiatives, working with the Head of IS Third Party Security.
- Participate in the bank’s digital transformation and cloud security initiatives as required.
- Ensure adequate protection of the bank’s third-party ecosystem, with appropriate security controls followed by third parties accessing bank data.
- Maintain the third-party security risk management framework aligned with the ORM framework.
- Assist in developing strategic, tactical, and third-party risk dashboard reports.
- Stay updated on global and regional information security threats through threat intelligence reports.
- Manage the implementation of systems and tools to automate the third-party security risk management cycle.
- Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines based on risk assessment findings.
- Develop and report on third-party security KPIs and KRIs, including monthly and weekly dashboards.
- Communicate third-party risks and remediation plans to relevant internal/external stakeholders, following up on implementation.
- Measure, monitor, and report on third-party risks.
- Engage staff and vendors to develop information security risk mitigation plans based on vendor risk reviews.
- Monitor and report on the execution of information security risk mitigation plans.
Specialist Skills / Technical Knowledge Required:
- Expert knowledge of information security systems and procedures.
- Strong analytical and problem-solving skills, along with excellent communication skills.
- Expertise in computer networks and cloud security.
- Comprehensive knowledge of banking processes and information security technologies.
- Bachelor’s degree in business, technology, or a related field, or equivalent experience.
- Knowledge of information security risks, controls, and trends, especially concerning PII protection in alignment with laws.
- Strong interpersonal and presentation skills with experience engaging stakeholders.
- Experience in the banking and financial services sector preferred.
- Fluent in English for effective communication.
Certifications:
- Mandatory: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM).
- Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 LA.
Previous Experience:
- Minimum of 8-12 years in information security, risk management, or related fields, with banking experience mandatory.
- At least five years in information security roles.
- Preferred: Minimum of five years in information technology roles.
- Experience with the information security risk management life cycle and GRC/privacy tools and platforms.
- Strong project management and coordination skills.
- Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
- Excellent verbal and written communication and interpersonal skills.