Third-Party Security Risk Manager

Role Purpose

Reporting to the Head of IS Third Party Security. Third-Party Security Risk Manager is responsible for managing and overseeing Third Party risk management and assist in the review and maintenance of the third-party risk management framework to cater for the Group’s needs and requirements.

He will assist the Head of IS Third Party Security in taking informed decision for strategic critical third-party vendors and assessing the risk in a pro-active manner.

Specialist Skills / Technical Knowledge Required For This Role

• Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks.
• Strong knowledge of banking processes and modus operandi, information security technologies, processes, and systems
• Bachelor’s degree in business, technology or related field or equivalent years of relevant work experience is required.
• Knowledge of information security risks, controls, services, objectives, and trends
• Expertise in engaging with stakeholders.
• Experience in banking and financial service sector preferred.
• Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations.
  
  

Following Certifications Are Mandatory

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
  
  

Following Certifications Are Desirable

• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP)
• ISO 27001 LA
  
  

Previous Experience

• Minimum of 8-12 years of information security, risk management and related experience is required. Banking Experience is mandatory.
• Minimum of five (5) years of Information Security experience is required
• Minimum of eight (5) years Information Technology experience is preferred
• Experience in the information security risk management life cycle
• Experience with GRC tools and platforms