ROLE PURPOSE:
Reporting to the Head of IS Third Party Security, the Third-Party Security Risk Manager is responsible for managing and overseeing third-party risk management and for assisting in the review and maintenance of the third-party risk management framework so that it caters to the Group's needs and requirements.
The role holder will assist the Head of IS Third Party Security in taking informed decisions on strategic and critical third-party vendors and in assessing their risk proactively.
Participates in developing information security risk mitigation strategies to ensure that third-party risks are reduced to an acceptable level, that relevant information security laws and regulations are complied with, that operational efficiency is increased, and that ADIB's information security objectives are achieved.
Key Accountabilities and Responsibilities of the role:
• Manage and supervise business impact analysis of business services, processes, and technologies.
• Support the Head of IS Third Party Security in articulating risk appetite, risk management, and third-party security requirements.
• Manage and conduct detailed technical security assessments for Third Party Security and Business Operations.
• Proven track record and ability to operate comfortably with stakeholders at a mid-senior level (e.g., Heads of Function and Units).
• Work with internal audit, business units, VMCP, FRM and ORM teams to align third-party security requirements, identified risks, risk appetite and mitigating controls, including monitoring and reporting on the effectiveness of the controls and their impact on overall security and risk.
• Ability to anticipate issues, identify solutions and provide clear guidance to Management to enable it to meet its governance and control obligations across the Group.
• Manage technical security assessments of the Bank's third parties together with the other GISD vertical teams, and report the outputs to GISD leadership and to business and technical teams for timely resolution.
• Ensure the Bank's third parties and third-party ecosystem are adequately protected and that adequate information security controls are followed by third parties accessing the Bank's data, and periodically review the information security controls of strategic and critical third parties, suppliers, and service providers.
• Help maintain the Third-Party Security risk management framework.
• Assist in developing strategic, tactical, and third-party risk dashboard reports.
• Stay abreast of global and regional information security threats by reviewing threat intelligence reports from the Cyber Threat Intelligence unit.
• Ensure proper delivery of ad-hoc and planned third-party technical assessments in accordance with internal information security policies and requirements and with external information security regulations and standards.
• Manage the implementation of systems and tools to automate the end-to-end Third-party security risk management cycle.
• Work with the Head of IS Third Party Security on continuous improvement of policies, procedures, standards, and guidelines in line with third-party risk assessment findings and recommendations.
• Develop third-party security KPIs and KRIs and assist in reporting on them.
• Participate in communicating third-party risks and risk remediation plans to relevant internal and external stakeholders, and follow up on their implementation.
• Measure, monitor, and report on third-party risks.
• Engage staff and/or vendors to develop information security risk mitigation plans that address risks identified in vendor risk reviews.
• Monitor and report on information security risk mitigation plans to ensure timely execution.
Specialist Skills / Technical Knowledge and Qualifications Required for This Role:
• Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks.
• Strong knowledge of banking processes and modus operandi, and of information security technologies, processes, and systems.
• Bachelor's degree in business, technology or a related field, or equivalent years of relevant work experience, is required.
• Knowledge of information security risks, controls, services, objectives, and trends.
• Strong interpersonal, verbal, written and presentation skills.
• Expertise in engaging with stakeholders.
• Experience in banking and financial service sector preferred.
• Fluent in English to effectively communicate and convey departmental messages.
• Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations.
• The following certifications are mandatory:
1- Certified in Risk and Information Systems Control (CRISC)
2- Certified Information Security Manager (CISM)
• The following certifications are desirable:
1- Certified Cloud Security Professional (CCSP)
2- Certified Information Systems Security Professional (CISSP)
3- ISO 27001 Lead Auditor (LA)
Previous Experience:
• 8 to 12 years of information security, risk management and related experience is required. Banking experience is mandatory.
• Minimum of five (5) years of information security experience is required.
• Minimum of eight (8) years of information technology experience is preferred.
• Experience in the information security risk management life cycle
• Experience with GRC tools and platforms
• Excellent verbal and written communication skills
• Strong attention to detail
• Excellent interpersonal skills
• Ability to work effectively with peers, IT management and staff, and internal/external business partners
• Proficient in Microsoft Office products including Word, Excel, and PowerPoint
• Strong experience in project management and coordination