
ProViso Consulting
Candidate profile details:
• Years of experience: 8+ years
• Reason for request/why opened: Replacement
• Interaction with Stakeholders: 70%
• Project Scope: BAU
• Team Size: 25 people
• Selling Points of Position: Working within a leading FI organization
Background:
• None preferred
Summary of day to day responsibilities:
• About the role: We are looking for someone to lead and execute third party cyber risk assessments of the bank’s global suppliers.
• The assessor will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect the client.
• The assessor may also participate in department initiatives of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
• Coordinate with key risk stakeholders to initiate, scope and plan third party cyber risk assessments of new and existing suppliers of all risk levels.
• Lead or contribute to the completion of third-party cyber risk assessments at the business application, portfolio, or overall enterprise level.
• Communicate the cyber risk assessment results to internal and external stakeholders.
• Coordinate with risk stakeholders to identify appropriate risk mitigation and remediation plans. Perform validation of the risk mitigation and remediation plans upon implementation.
• Complete assessments in accordance with internal procedures and standards, industry frameworks and best practices.
• Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
• Contribute to the definition, development, and oversight of a global third-party cyber security management strategy and framework.
• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
Must haves:
• 3+ years of third party cyber risk assessment/assessor experience.
• Expert knowledge of IT security and risk disciplines and practices.
• Advanced knowledge of organization, technology controls, security and risk issues.
• Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
• Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.
Nice To Have:
• Information Security Certification / Accreditation is an asset.