Job description: Job Title:Manager – Third Party Risk ManagementLocation: Abu Dhabi, NONEEmployment Type:PermanentJob Title: Third-Party Security ManagerRole Purpose:
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management. This role involves reviewing and maintaining the third-party risk management framework to meet the Group’s needs and requirements. The manager will assist in making informed decisions regarding strategic critical third-party vendors and proactively assessing risks.Key Metrics:
Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
Percentage of implemented risk mitigation controls out of the total number planned.
Number of third-party issues remediated within target dates.
Percentage of compliance with relevant regulatory requirements.
Key Accountabilities:
Execute and supervise business services, processes, and technologies to conduct business impact analyses.
Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
Conduct detailed technical security assessments for third-party security and business operations.
Perform data privacy impact analyses and assist businesses and vendors as a subject matter expert (SME) in completing assessments.
Execute assessment projects under GISD, ensuring quality and timely delivery.
Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects as per departmental plans.
Collaborate with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, and mitigating controls, including monitoring and reporting on effectiveness.
Execute technical security assessments for third-party security, reporting outputs to GISD leadership and relevant teams for timely resolution.
Maintain all documentation related to third-party security, including policies, procedures, and frameworks.
Update and maintain the third-party asset criticality register with the latest vendor details periodically.
Document and maintain a register of third-party issues, ensuring all details are recorded.
Regularly follow up with business units on third-party issues, action plans, and target dates.
Support the Digital Security and Cloud Security initiatives, working with the Head of IS Third Party Security.
Participate in the bank’s digital transformation and cloud security initiatives as required.
Ensure adequate protection of the bank’s third-party ecosystem, with appropriate security controls followed by third parties accessing bank data.
Maintain the third-party security risk management framework aligned with the ORM framework.
Assist in developing strategic, tactical, and third-party risk dashboard reports.
Stay updated on global and regional information security threats through threat intelligence reports.
Manage the implementation of systems and tools to automate the third-party security risk management cycle.
Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines based on risk assessment findings.
Develop and report on third-party security KPIs and KRIs, including monthly and weekly dashboards.
Communicate third-party risks and remediation plans to relevant internal/external stakeholders, following up on implementation.
Measure, monitor, and report on third-party risks.
Engage staff and vendors to develop information security risk mitigation plans based on vendor risk reviews.
Monitor and report on the execution of information security risk mitigation plans.
Specialist Skills / Technical Knowledge Required:
Expert knowledge of information security systems and procedures.
Strong analytical and problem-solving skills, along with excellent communication skills.
Expertise in computer networks and cloud security.
Comprehensive knowledge of banking processes and information security technologies.
Bachelor’s degree in business, technology, or a related field, or equivalent experience.
Knowledge of information security risks, controls, and trends, especially concerning PII protection in alignment with laws.
Strong interpersonal and presentation skills with experience engaging stakeholders.
Experience in the banking and financial services sector preferred.
Fluent in English for effective communication.
Certifications:
Mandatory: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM).
Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 LA.
Previous Experience:
Minimum of 8-12 years in information security, risk management, or related fields, with banking experience mandatory.
At least five years in information security roles.
Preferred: Minimum of five years in information technology roles.
Experience with the information security risk management life cycle and GRC/privacy tools and platforms.
Strong project management and coordination skills.
Proficiency in Microsoft Office products (Word, Excel, PowerPoint).
Excellent verbal and written communication and interpersonal skills.
Expected salary:
Location: Abu Dhabi
Job date: Tue, 12 Nov 2024 23:45:10 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck