We have an immediate opportunity for a Risk Analyst. If you are interested, please share your resume with ramya.p@lancesoft.com
Job Title - Risk Analyst (Risk assessment, security controls)
Location - Dubai (Onsite)
Duration - 6+ Months
Key Responsibilities
- Conduct thorough assessments of new vendors across all risk areas, with a focus on information security, operational risk, financial risk, and compliance. Evaluate vendor responses to due diligence questionnaires and assess the adequacy of the provided evidence.
- Assess vendor security controls and risk management practices by analyzing evidence, identifying weaknesses, and evaluating control effectiveness.
- Perform periodic reviews of existing vendors to ensure they continue to meet security, compliance, and risk management standards, identifying any new or emerging risks.
- Identify, document, and assess risks and control gaps. Rate vendor controls and risk levels in accordance with the Bank’s methodology.
- Develop risk remediation plans to address identified issues, working with vendors to gain agreement on timelines and actions. Follow up to ensure corrective actions are implemented in a timely manner.
- Prepare assessment reports for stakeholders, documenting findings, risk levels, and remediation plans. Maintain thorough records of assessments and follow-ups.
- Work closely with internal departments, such as Legal, Risk, Compliance, and Information Security, to ensure alignment on risk expectations and facilitate effective vendor risk management.
- Identify opportunities to improve the vendor risk assessment process, including updates to questionnaires, assessment methodologies, and risk monitoring tools.
Key Requirements
- Minimum of 2 years of experience in vendor risk assessment or a similar role, with a focus on information security and IT risk management. Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.
- Strong understanding of information security controls, risk management frameworks (e.g., ISO 27001, NIST, COBIT), and regulatory requirements related to outsourcing and third-party risk management.
- Proven ability to analyze complex documentation and evidence to identify potential risks and control gaps. Comfortable identifying issues, assessing risks, and developing practical remediation plans.
- Effective communicator with the ability to explain complex issues clearly and negotiate risk remediation plans with vendors and stakeholders.
- Excellent attention to detail in assessing evidence and documenting findings.
- Able to work collaboratively in a cross-functional environment, partnering with internal teams and stakeholders to support the third-party risk management objectives.