Manager - Third Party Risk Management

Manager - Third Party Risk Management

 Abu Dhabi, NONE

 

Permanent

Job Title: Third-Party Security Manager

Role Purpose:
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management. This role involves reviewing and maintaining the third-party risk management framework to meet the Group’s needs and requirements. The manager will assist in making informed decisions regarding strategic critical third-party vendors and proactively assessing risks.

Key Metrics:

• Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
• Percentage of implemented risk mitigation controls out of the total number planned.
• Number of third-party issues remediated within target dates.
• Percentage of compliance with relevant regulatory requirements.

Key Accountabilities:

• Execute and supervise business services, processes, and technologies to conduct business impact analyses.
• Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
• Conduct detailed technical security assessments for third-party security and business operations.
• Perform data privacy impact analyses and assist businesses and vendors as a subject matter expert (SME) in completing assessments.
• Execute assessment projects under GISD, ensuring quality and timely delivery.
• Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects as per departmental plans.
• Collaborate with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, and mitigating controls, including monitoring and reporting on effectiveness.
• Execute technical security assessments for third-party security, reporting outputs to GISD leadership and relevant teams for timely resolution.
• Maintain all documentation related to third-party security, including policies, procedures, and frameworks.
• Update and maintain the third-party asset criticality register with the latest vendor details periodically.
• Document and maintain a register of third-party issues, ensuring all details are recorded.
• Regularly follow up with business units on third-party issues, action plans, and target dates.
• Support the Digital Security and Cloud Security initiatives, working with the Head of IS Third Party Security.
• Participate in the bank’s digital transformation and cloud security initiatives as required.
• Ensure adequate protection of the bank’s third-party ecosystem, with appropriate security controls followed by third parties accessing bank data.
• Maintain the third-party security risk management framework aligned with the ORM framework.
• Assist in developing strategic, tactical, and third-party risk dashboard reports.
• Stay updated on global and regional information security threats through threat intelligence reports.
• Manage the implementation of systems and tools to automate the third-party security risk management cycle.
• Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines based on risk assessment findings.
• Develop and report on third-party security KPIs and KRIs, including monthly and weekly dashboards.
• Communicate third-party risks and remediation plans to relevant internal/external stakeholders, following up on implementation.
• Measure, monitor, and report on third-party risks.
• Engage staff and vendors to develop information security risk mitigation plans based on vendor risk reviews.
• Monitor and report on the execution of information security risk mitigation plans.

Specialist Skills / Technical Knowledge Required:

• Expert knowledge of information security systems and procedures.
• Strong analytical and problem-solving skills, along with excellent communication skills.
• Expertise in computer networks and cloud security.
• Comprehensive knowledge of banking processes and information security technologies.
• Bachelor’s degree in business, technology, or a related field, or equivalent experience.
• Knowledge of information security risks, controls, and trends, especially concerning PII protection in alignment with laws.
• Strong interpersonal and presentation skills with experience engaging stakeholders.
• Experience in the banking and financial services sector preferred.
• Fluent in English for effective communication.

Certifications:

• Mandatory: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM).
• Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 LA.

Previous Experience:

• Minimum of 8-12 years in information security, risk management, or related fields, with banking experience mandatory.
• At least five years in information security roles.
• Preferred: Minimum of five years in information technology roles.
• Experience with the information security risk management life cycle and GRC/privacy tools and platforms.
• Strong project management and coordination skills.
• Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
• Excellent verbal and written communication and interpersonal skills.