Manager- Third Party Risk Management

Abu Dhabi Islamic Bank
10-12 years
Not Specified

Job Description

Role: Manager- Third Party Risk Management
Location: Abu Dhabi

Role Purpose:
Reporting to the Head of IS Risk Management and Supply Chain Security, this role supports the IS Risk Management unit in conducting detailed Information Security Risk assessments for third parties and vendors and in reviewing the risk management framework, policies, and procedures in GISD. The objective is to ensure that risk-related security controls are developed, approved, implemented, and proactively protect ADIB Group's environment from evolving risks, threats, and attacks.
Roles & Responsibilities:
The IS Risk Management and Supply Chain Security Unit ensures that risks are reduced to an acceptable degree without affecting overall bank's direction and future growth.
Part of the responsibilities is to:
  • Conduct detailed information security risk assessment as per the agreed annual RA plan as well as ad-hoc assessments and security review requirements from business.
  • Apply technical expertise in identifying potential vulnerabilities and issues in applications and systems.
  • Regular review of existing framework, policies, and procedures. Updating the documents as and when required.
  • Support Head of IS Risk Management in identifying areas of potential risks in processes and provide mitigating solutions as per approved framework.
  • Communicate and coordinate with ADIB GISD staff, ADIB business units and Vendors with regards to risk assessments, security reviews and regular action item follow-up.
  • Regularly maintain and update the Risk Register with latest information.
  • Prepare weekly, monthly reports and dashboards for the management.
  • Have a good understanding of cloud computing and cloud security concepts.
  • Support Head of IS Risk Management in updating and maintaining the annual risk review plan in consultation with other key stakeholders.
Key Accountabilities of the role
  • Design, implement, and manage core Third Party Risk Management (TPRM) processes to monitor, mitigate and report on risk from third party relationships especially vendors and clients. This includes leading the TPRM team efforts on:
    • Vendor risk assessments, vendor audits, vendor onboarding, vendor document refresher/review, vendor termination procedures and compliance with regulatory and contractual requirements.
    • Monitoring and reporting on regulatory risk and other potential information security risks from key vendors and clients.
    • Providing periodic risk reports to leadership team on key risks and mitigation strategies.
  • Lead cross-functional initiatives within GISD and other internal stakeholders to:
    • Monitor, mitigate and report on risk from third party relationships.
    • Help increase vendor productivity/performance.
    • Ensure compliance with applicable legal/regulatory and contractual requirements.
    • Drive continuous process improvement initiatives to maintain alignment with industry best practices.
    • Improve existing strategies, operations review, oversight planning and reporting.
    • Document and maintain a Supply Chain Security Risk Management Framework as per industry best practices.
    • Identify, list and classify all vendors and suppliers for the bank. The list to be maintained and updated on a regular basis.
    • Serve as a Subject Matter Expert (SME) for GISD to identify and address key third party related risks and areas of concerns associated with new and existing third-party relationships.
    • Facilitating in person and virtual site visits to validate third-party controls.
    • Maintain expertise on security trends through training and research to mitigate potential security exposures.
    • Stay abreast of global and regional information security threats by reviewing threat intelligence reports from the Group Information Security Department's (GISD) Cyber Threat Intelligence unit, and reflect the findings when identifying risks.
    • Review information related to current information security vulnerabilities across ADIB by reviewing security/vulnerability assessments and penetration testing reports delivered by GISD's Attack Surface Reduction unit, and reflect the findings when identifying risks.
    • Review and deliver ad-hoc and planned risk assessments in accordance with internal information security policies and requirements or external information security regulations and standards.
    • Oversee and monitor the risk mitigation plans and collaborate with relevant business units and vendors/suppliers to ensure effective implementation of mitigating controls and action plans.
    • Participate in the implementation of systems and tools to automate the end-to-end information security risk management cycle.
    • Work with the Head of IS Risk Management for the continuous improvements in policies, procedures, standards, and guidelines in line with risk assessment findings and recommendations.
    • Assist management in preparing management reports highlighting the Group's risk status and posture.
    • Develop, update, measure, and report on risk management KPIs and KRIs.
    • Assist to identify initiatives to continuously improve risk performance and develop remediation steps that help the Group entities reduce the risk to an acceptable level, comply with applicable laws and regulations, increase operational efficiency, and meet IS goals and objectives.
    • Participate in communicating risk status to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation until closure.
Specialist Skills / Technical Knowledge Required for this role:
  • Strong knowledge of banking processes and operations, information security technologies, processes, and systems.
  • Good business acumen, strong communication and collaboration skills.
  • Problem solving and can-do attitude, requires minimal supervision.
  • Good technical capability with respect to information security in the areas of application security, vulnerability assessment and penetration testing.
  • Strong understanding of cloud computing and security with exposure to cloud security tools and configurations.
  • B.S. in IT related discipline or similar degree preferable.
  • CISSP, CRISC, CISA certifications are preferred. Cloud security certifications are an added advantage.
  • Technical knowledge to understand detailed issues around information security, cyber security architecture, security solutions and overall risk in IT, with enough expertise to drive a solution, resolve issues and address risk.
  • Strong communications skills are required to work across the organization, and several corporate functions.
  • Ability to frame risk issues in a business-friendly language, to help communicate issues to business.
  • Familiarity with maintaining and managing GRC tools and other risk management tools and platforms.
  • Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations is preferred.

Previous Experience:
  • 10-12 years of prior work experience, advanced knowledge, and experience in information security, third party security, vendor risk management, cloud security or related fields such as audit and IT security (preferably in the banking and financial services sector).
  • Experience in the information security risk management life cycle, vulnerability assessment, application security, penetration testing.
  • Experience with RCSA and control testing.
  • Experience with MS Office and presentation tools.
  • Experience maintaining and managing GRC solutions.
