Associate Director, Third Party Security Risk.
Job Description
Strategy
• Support implementation of a comprehensive third-party cyber security strategy aligned with the organisation's overall security goals,
• Identify emerging trends, technologies and threats to enhance third-party risk management practices,
• Collaborate with senior leadership to integrate the third-party security profile into the broader business risk appetite and strategy,
• Lead strategic initiatives to improve the maturity of the third-party security controls.
Business
• Act as the trusted advisor between the security team and Business Units to ensure alignment of third-party security initiatives with business objectives,
• Support Business in understanding and managing their third-party security landscape,
• Facilitate further integration of third-party security requirements into procurement and vendor management processes.
Processes
• Ownership of Third-Party Security Risk toolset, including managing business requirements, technology changes and potential transition to new technology solutions,
• Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings,
• Support proactive third-party incident response and build long-term collaboration with other Threat Intelligence teams across the organisation,
• Continuously improve processes based on feedback, audits, and evolving security threats,
• Automate and streamline third-party risk management processes to ensure efficiency and accuracy.
Risk Management
• Monitor and evaluate Third Party Security Risk process compliance with global regulatory framework,
• Support and promote a Threat Based Risk Assessment approach,
• Articulate in a timely fashion the project risks and corresponding mitigation and contingency plans,
• Ensure that issues are identified, escalated, and addressed as appropriate.
Governance
• Develop, document, and maintain process documentation,
• Represent the Third Party Security Risk team at various Risk Boards and Committees (including material preparation),
• Enhance and build upon existing reporting mechanisms to properly articulate the Bank's third-party security risk profile.
Skills and Experience
- 8+ years of experience in information security, IT auditing, risk management, project management.
- Understanding of auditing standards, compliance, risk assessment and internal control frameworks.
- Ability to foster positive relationships with internal and external stakeholders at the appropriate level, ensuring an open, cooperative environment.
- Strong sense of personal ownership and responsibility in accomplishing organisational goals.
- Strong time management skills.
- Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
- Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.
- Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.
- Project Management certification is a plus.
- Excellent written, oral communication, reporting and presentation skills.
