TPRM Manager

Mumbai
Information & Cyber Security – Infosec / New / On-site
Position: Third Party Risk Management (TPRM) Manager
 
Location: Mumbai
Reports to: CISO
 
Key Responsibilities:
• Due Diligence & Risk Assessment: Perform thorough due diligence on third-party vendors, evaluating operational, security, compliance, and financial risks.
• Vendor Monitoring & Reporting: Continuously assess and monitor third-party risks, security postures, and contract compliance. Report risk status to senior management.
• Risk Mitigation & Incident Management: Implement risk mitigation strategies and lead incident management for third-party breaches or failures.
• Cross-Department Collaboration: Work with procurement, legal, IT, and other business units to ensure third-party contracts and security align with risk management strategies.
 
Technical Skills & Tools:
• Risk Management Tools: Experience with RSA Archer, MetricStream, or LogicManager for risk assessments, vendor scoring, and compliance tracking.
• Security Monitoring: Proficiency in SIEM tools like Splunk, IBM QRadar, and ArcSight for detecting, analyzing, and managing third-party security events.
• Vulnerability Management: Hands-on experience with Tenable.io, Qualys, or Rapid7 Nexpose for vulnerability scanning and management.
• Third-Party Management Platforms: Familiarity with OneTrust, ProcessUnity, or Prevalent for ongoing third-party risk assessments and monitoring.
• Incident Response: Experience using tools like ServiceNow or PagerDuty for handling third-party security incidents and coordinating remediation actions.
• IAM Tools: Working knowledge of Okta and CyberArk for ensuring secure vendor access to bank systems.
 
Qualifications:
• Education: Bachelor's degree
• ISO/IEC 27001 Lead Implementer
• PCI DSS
• Certified Information Systems Auditor (CISA)
• Strong analytical skills with the ability to assess and mitigate complex third-party risks.
• Excellent communication and stakeholder management skills.
• Ability to navigate regulatory environments and ensure compliance with third-party risk policies.
• Ability to drive strategic risk management initiatives while handling day-to-day operational challenges.