Manager, Third Party Risk Management: Job Vacancy in Abu Dhabi, UAE
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management. This role involves reviewing and maintaining the third-party risk management framework to meet the Group's needs and requirements. The manager will assist in making informed decisions regarding strategic critical third-party vendors and proactively assessing risks.
Key Metrics:
Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
Percentage of implemented risk mitigation controls out of the total number planned.
Number of third-party issues remediated within target dates.
Percentage of compliance with relevant regulatory requirements.
Key Accountabilities:
Execute and supervise business services, processes, and technologies to conduct business impact analyses.
Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
Conduct detailed technical security assessments for third-party security and business operations.
Perform data privacy impact analyses and assist businesses and vendors as a subject matter expert (SME) in completing assessments.
Execute assessment projects under GISD, ensuring quality and timely delivery.
Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects as per departmental plans.
Collaborate with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements, identified risks, and mitigating controls, including monitoring and reporting on effectiveness.
Execute technical security assessments for third-party security, reporting outputs to GISD leadership and relevant teams for timely resolution.
Maintain all documentation related to third-party security, including policies, procedures, and frameworks.
Update and maintain the third-party asset criticality register with the latest vendor details periodically.
Document and maintain a register of third-party issues, ensuring all details are recorded.
Regularly follow up with business units on third-party issues, action plans, and target dates.
Support the Digital Security and Cloud Security initiatives, working with the Head of IS Third Party Security.
Participate in the bank's digital transformation and cloud security initiatives as required.
Ensure adequate protection of the bank's third-party ecosystem, with appropriate security controls followed by third parties accessing bank data.
Maintain the third-party security risk management framework aligned with the ORM framework.
Assist in developing strategic, tactical, and third-party risk dashboard reports.
Stay updated on global and regional information security threats through threat intelligence reports.
Manage the implementation of systems and tools to automate the third-party security risk management cycle.
Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines based on risk assessment findings.
Develop and report on third-party security KPIs and KRIs, including monthly and weekly dashboards.
Communicate third-party risks and remediation plans to relevant internal/external stakeholders, following up on implementation.
Measure, monitor, and report on third-party risks.
Engage staff and vendors to develop information security risk mitigation plans based on vendor risk reviews.
Monitor and report on the execution of information security risk mitigation plans.
Specialist Skills / Technical Knowledge Required: