Reporting to the Head of IS Third Party Security, the Third-Party Security Risk Manager is responsible for managing and overseeing third-party risk management and assisting in the review and maintenance of the third-party risk management framework to cater for the Group’s needs and requirements.
Key Responsibilities
Proven track record and ability to operate comfortably with stakeholders at a mid-senior level (e.g., Heads of Function and Units).
Work with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, appetite for risk, and mitigating controls, including monitoring and reporting on the effectiveness of the controls and the impact that this has on overall security and risk.
Manage technical security assessments for the Bank’s third-party security together with the other GISD vertical teams, reporting outputs to GISD leadership, business, and technical teams for timely resolution.
Stay abreast of global and regional information security threats by reviewing threat intelligence reports from the Cyber Threat Intelligence unit.
Ensure proper delivery of ad-hoc and planned third-party technical assessments in accordance with internal information security policies and requirements or external information security regulations and standards.
Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines in line with third-party risk assessment findings and recommendations.
Desired Candidate Profile
Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, and expertise in computer networks.
Strong knowledge of banking processes and modus operandi, and of information security technologies, processes, and systems.
Bachelor’s degree in business, technology, or a related field, or equivalent years of relevant work experience, is required.
Knowledge of information security risks, controls, services, objectives, and trends.
Experience in the banking and financial services sector preferred.
Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS, and other information security standards and regulations.
The following certifications are mandatory:
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
The following certifications are desirable:
Certified Cloud Security Professional (CCSP)
Certified Information Systems Security Professional (CISSP)
ISO 27001 LA
Minimum of 8-12 years of information security, risk management, and related experience is required. Banking experience is mandatory.
Minimum of five (5) years of Information Security experience is required.
Minimum of five (5) years of Information Technology experience is preferred.
Experience in the information security risk management life cycle.
Experience with GRC tools and platforms.
Proficient in Microsoft Office products including Word, Excel, and PowerPoint.
Strong experience in project management and coordination.