Third-Party Security Manager

Halian


Date: 2 days ago
City: Abu Dhabi
Contract type: Full time
Job Title: Third-Party Security Manager

Location: Abu Dhabi

Employment Type: Permanent

Role Purpose:

The Third-Party Security Manager is responsible for managing and overseeing third-party risk management and assisting in the review and maintenance of the third-party risk management framework to meet the Group's needs. This role involves supporting the Head of IS Third Party Security in making informed decisions regarding critical third-party vendors and proactively assessing associated risks.

Key Metrics:

  • Percentage of third-party assessments completed on or before target dates within planned cost and quality requirements.
  • Percentage of implemented risk mitigation controls from the total number of planned controls.
  • Number of third-party issues remediated within target dates.
  • Percentage of compliance with relevant regulatory requirements.

Key Accountabilities of the Role:

  • Execute and supervise business services, processes, and technologies to conduct business impact analyses.
  • Support the Head of IS Third Party Security in articulating risk appetite and third-party security requirements.
  • Conduct detailed technical security assessments for third-party security and business operations.
  • Perform data privacy impact analyses and assist businesses and vendors in completing assessments as a subject matter expert.
  • Manage assessment projects under GISD, ensuring quality and timeliness of delivery.
  • Coordinate with subsidiaries and international business units to deliver assessments for third parties and projects per departmental plans.
  • Collaborate with internal audit, business units, and risk management teams to align third-party security requirements and mitigating controls.
  • Execute technical security assessments for third-party security, reporting findings to GISD leadership and relevant teams.
  • Maintain documentation related to the third-party security unit, including policies, procedures, and frameworks.
  • Keep the third-party asset criticality register updated with vendor details periodically.
  • Report and notify relevant units within GISD of all third-party issues and risks.
  • Document and maintain all issues in the third-party issues register.
  • Follow up regularly with business units on third-party issues and their action plans.
  • Support digital security and cloud security initiatives and participate in the bank's digital transformation efforts.
  • Ensure that third-party ecosystems are adequately protected and that security controls are followed by all third parties accessing bank data.
  • Assist in maintaining the third-party security risk management framework aligned with the ORM framework.
  • Develop and assist in reporting on third-party security KPIs and KRIs through dashboards for various forums.
  • Communicate third-party risks and remediation plans to relevant stakeholders and ensure follow-up on implementation.
  • Measure, monitor, and report on third-party risks.
  • Engage staff and vendors to develop risk mitigation plans for identified risks in vendor reviews.
  • Monitor and report on the execution of information security risk mitigation plans.

Specialist Skills / Technical Knowledge Required for This Role:

  • Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, and excellent communication abilities.
  • Strong knowledge of banking processes, information security technologies, and risk management practices.
  • Bachelor's degree in business, technology, or a related field, or equivalent relevant work experience.
  • Knowledge of information security risks, controls, and protecting PII in compliance with local and global laws.
  • Strong interpersonal and presentation skills; ability to engage effectively with stakeholders.
  • Experience in the banking and financial services sector preferred.
  • Fluent in English.

Certifications Required:

  • Mandatory: Certified in Risk and Information Systems Control (CRISC) and Certified Information Security Manager (CISM).
  • Desirable: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor.

Previous Experience:

  • Minimum of 8-12 years in information security, risk management, and related fields; banking experience is mandatory.
  • At least 5 years of direct information security experience.
  • Preferred: 5 years in information technology.
  • Experience with GRC/privacy tools and platforms.
  • Strong communication and interpersonal skills.
  • Proficient in Microsoft Office (Word, Excel, PowerPoint).
  • Strong project management and coordination experience.
