Manager - Third Party Risk Management - Abu Dhabi, United Arab Emirates - ADIB - Abu Dhabi Islamic Bank


    2 weeks ago

    Full time
    Description


    Role : Manager - Third Party Risk Management
    Location : Abu Dhabi

    Role Purpose:

    Reporting to the Head of IS Third Party Security, the Third-Party Security Manager is responsible for managing and overseeing third-party risk management and assists in the review and maintenance of the third-party risk management framework to cater for the Group's needs and requirements.

    He will assist the Head of IS Third Party Security in taking informed decisions for strategic critical third-party vendors and assessing risk in a proactive manner.

    Participates in developing information security risk mitigation strategies to ensure that risks are reduced to an acceptable level for all third parties, comply with relevant information security laws and regulations, increase operational efficiency, and achieve ADIB's information security objectives.

    Key Accountabilities of the role

    • Execute and supervise business services, processes, and technologies to conduct business impact analysis.
    • Support the Head of IS Third Party Security in its articulation of risk appetite and risk management and third-party security requirements.
    • Execute and conduct detailed technical security assessment for Third Party Security and Business Operations.
    • Execute detailed data privacy impact analysis, and assist the business and vendors as an SME to complete the assessment.
    • Execute assessment projects under GISD, with accountability for the delivery, quality and timeliness of assigned projects.
    • Coordinate with Subsidiaries and International Business units to deliver related assessments for third parties and projects according to Department plan
    • Work with internal audit, business units, VMCP, FRM and ORM teams to align third-party security requirements, identified risks, appetite for risk and mitigating controls, including monitoring and reporting on the effectiveness of the controls and the impact this has on overall security and risk.
    • Execute technical security assessments for the Bank's third-party security with other GISD Verticals teams, and report the outputs to GISD leadership, business, and technical teams for timely resolution.
    • Maintain all documentation related to Third party security unit, including policies, procedures, frameworks.
    • Execute and maintain the third-party asset criticality register and ensure it is updated with the latest vendor details on a periodic basis.
    • Ensure all third-party issues and risks are reported and notified to the relevant units within GISD.
    • Document all issues and ensure they are recorded and maintained in the third-party issues register with all relevant details.
    • Carry out regular follow-ups with business units and internal GISD units on third-party issues, their action plans and target dates.
    • Support the Digital Security and Cloud Security initiatives of the bank and work with the Head of IS Third party in executing the same.
    • Participate in bank's digital transformation and cloud security initiatives as and when needed and as instructed by the Head of IS Third Party security.
    • Ensure the Bank's third parties and third-party ecosystem are adequately protected and that adequate information security controls are followed by the third parties accessing the Bank's data. Periodically review the information security controls of strategic and critical third parties, suppliers, and service providers.
    • Help in maintenance and upkeep of the Third-Party Security risk management framework aligned to ORM framework
    • Assist in developing strategic, tactical, and third-party risk dashboard reports.
    • Stay abreast of global and regional information security threats by reviewing threat intelligence reports from the Cyber Threat Intelligence unit.
    • Manage the implementation of systems and tools to automate the end-to-end Third-party security risk management cycle.
    • Work with the Head of IS Third Party Security for the continuous improvements in policies, procedures, standards, and guidelines in line with third party risk assessment findings and recommendations.
    • Develop and assist in reporting on third-party security KPIs and KRIs and the monthly/weekly dashboards to be reported in various forums.
    • Participate in communicating third party risks to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation.
    • Measure, monitor, and report on third party risks.
    • Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews.
    • Monitor and report on information security risk mitigation plans to ensure timely execution.
    Specialist Skills / Technical Knowledge Required for this role:


    Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks and cloud security.
    • Strong knowledge of banking processes and modus operandi, information security technologies, processes, and systems
    • Bachelor's degree in business, technology or related field or equivalent years of relevant work experience is required.
    • Knowledge of information security risks, controls, services, objectives, and trends and in protecting PII in alignment with local and global laws and regulations
    • Expertise in engaging with stakeholders.
    • Experience in banking and financial service sector preferred.
    • Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations.
    • Strong interpersonal, verbal, written and presentation skills.
    • Fluent in English to effectively communicate and convey departmental messages.
    • Following certifications are mandatory:
      • Certified in Risk and Information Systems Control (CRISC)
      • Certified Information Security Manager (CISM)
    • Following certifications are desirable:
      • Certified Cloud Security Professional (CCSP)
      • Certified Information Systems Security Professional (CISSP)
      • ISO 27001 LA
    • Minimum of five (5) years of Information Security experience is required
    • Minimum of eight (5) years Information Technology experience is preferred
    • Experience in the information security risk management life cycle
    • Experience with GRC / Privacy tools and platforms
    • Excellent verbal and written communication skills
    • Excellent interpersonal skills
    • Ability to work effectively with peers, IT management and staff, and internal/external business partners
    • Proficient in Microsoft Office products including Word, Excel, and PowerPoint
    • Strong experience in project management and coordination
    Previous Experience:

    Minimum of 8-12 years of information security, risk management and related experience is required. Banking Experience is mandatory.