09 Oct
Abu Dhabi Islamic Bank PJSC
United Arab Emirates
Role: Manager - Third Party Risk Management
Location: Abu Dhabi
Role Purpose:
Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing Third Party risk management and assisting in the review and maintenance of the third-party risk management framework to cater for the Group’s needs and requirements.
He will assist the Head of IS Third Party Security in making informed decisions for strategic critical third-party vendors and assessing the risk in a proactive manner.
Participates in developing information security risk mitigation strategies to ensure that risks are reduced to an acceptable level for all third parties,
comply with relevant information security laws and regulations, increase operational efficiency, and achieve ADIB’s information security objectives.
Key Accountabilities of the Role:
- Execute and supervise business services, processes, and technologies to conduct business impact analysis.
- Support the Head of IS Third Party Security in articulating risk appetite and risk management and third-party security requirements.
- Execute and conduct detailed technical security assessments for Third Party Security and Business Operations.
- Execute detailed Data Privacy Impact Analysis, assisting and helping the business and vendors as SME to complete the assessment.
- Execute assessment projects under GISD and be accountable for delivery, quality, and timeliness of assigned projects.
- Coordinate with subsidiaries and international business units to deliver related assessments for third parties and projects according to the department plan.
- Work with internal audit, business units, VMCP, FRM, and ORM teams to align third-party security requirements,
identified risks, appetite for risk, and mitigating controls, including monitoring and reporting on the effectiveness of the controls and their impact on overall security and risk.
- Execute technical security assessments for the Bank’s Third-Party security with other GISD Verticals teams, reporting the outputs to GISD leadership, business, and technical teams for timely resolution.
- Maintain all documentation related to the Third Party Security unit, including policies, procedures, and frameworks.
- Execute and maintain the third-party asset criticality register, ensuring it is updated with the latest vendor details periodically.
- Ensure all third-party issues and risks are reported and notified to the relevant units within GISD.
- Document and maintain all issues in the third-party issues register with all relevant details.
- Carry out regular follow-ups with business units and internal GISD units related to third-party issues, their action plans, and target dates.
- Support the Digital Security and Cloud Security initiatives of the bank and work with the Head of IS Third Party in executing the same.
- Participate in the bank’s digital transformation and cloud security initiatives as needed and instructed by the Head of IS Third Party Security.
- Ensure the bank’s Third Party and Third-Party ecosystem is adequately protected, with adequate information security controls followed by the third parties accessing the Bank’s data, and periodically review information security controls of strategic and critical Third parties, suppliers,
and service providers.
- Help maintain and upkeep the Third-Party Security risk management framework aligned to ORM framework.
- Assist in developing strategic, tactical, and third-party risk dashboard reports.
- Stay abreast of global and regional information security threats by reviewing threat intelligence reports from the Cyber Threat Intelligence unit.
- Manage the implementation of systems and tools to automate the end-to-end Third-party security risk management cycle.
- Work with the Head of IS Third Party Security for continuous improvements in policies, procedures, standards, and guidelines in line with third party risk assessment findings and recommendations.
- Develop and assist in reporting on Third party security KPIs and KRIs and monthly/weekly dashboards to be reported in various forums.
- Participate in communicating third-party risks to relevant internal/external stakeholders as well as risk remediation plans and follow up on their implementation.
- Measure, monitor, and report on third-party risks.
- Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews.
- Monitor and report on information security risk mitigation plans to ensure timely execution.
Specialist Skills / Technical Knowledge Required for this Role:
- Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks and cloud security.
- Strong knowledge of banking processes and modus operandi, information security technologies, processes, and systems.
- Bachelor’s degree in business, technology, or related field or equivalent years of relevant work experience is required.
- Knowledge of information security risks, controls, services, objectives, and trends in protecting PII in alignment with local and global laws and regulations.
- Expertise in engaging with stakeholders.
- Experience in the banking and financial services sector preferred.
- Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS, and other information security standards and regulations.
- Strong interpersonal, verbal, written, and presentation skills.
- Fluent in English to effectively communicate and convey departmental messages.
- Following certifications are mandatory:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Following certifications are desirable:
- Certified Cloud Security Professional (CCSP)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 LA
- Minimum of five (5) years of Information Security experience is required.
- Minimum of eight (5) years of Information Technology experience is preferred.
- Experience in the information security risk management life cycle.
- Experience with GRC / Privacy tools and platforms.
- Excellent verbal and written communication skills.
- Excellent interpersonal skills.
- Ability to work effectively with peers, IT management and staff, and internal/external business partners.
- Proficient in Microsoft Office products including Word, Excel, and PowerPoint.
- Strong experience in project management and coordination.
Previous Experience:
Minimum of 8-12 years of information security, risk management, and related experience is required. Banking experience is mandatory.
#J-18808-Ljbffr
▶️ Manager - Third Party Risk Management United Arab Emirates Posted on 01/04/2024 Trending
🖊️ Abu Dhabi Islamic Bank PJSC
📍 United Arab Emirates