Division: CISO
About the Role: We are seeking a dynamic and experienced Third Party Security Manager to join the IT Risk tribe. In this role, you will be responsible for the internal coordination of Third Party Security assessments for all external Third Parties, including Merger and Acquisition initiatives, and for enabling post-merger integration initiatives when applicable.
To achieve this, you will work closely with multi-functional teams from across the organization and will be exposed to a diversified set of topics, businesses and technologies.
Role Description – IT Security Manager
The role will be responsible for execution of risk-based IT Security controls for Third Parties. Key responsibilities:
Merger and Acquisition Assurance:
1. Due Diligence - risk profiling, onboarding, re-certification
2. Contract Management - ensuring that the security expectations included in the contract are proportionate to the risk profiling
3. Exit Management - performance of necessary security checks at the end of a contractual agreement with a Third Party
4. Ongoing monitoring - Facilitate and support the response to alerts and incidents involving external Third Parties
Third-Party Assurance Lifecycle
5. Due Diligence - risk profiling, onboarding, re-certification
6. Contract Management - ensuring that the security expectations included in the contract are proportionate to the risk profiling
7. Exit Management - performance of necessary security checks at the end of a contractual agreement with a Third Party
8. Ongoing monitoring - Facilitate and support the response to alerts and incidents involving external Third Parties
Continuous Improvements
9. Participate in and support the delivery of regulatory-driven change, e.g. DORA
10. Identify, design and implement process improvements
11. Lead demand capacity management
12. Deliver training and coaching sessions for the team
13. Take initiatives to document and communicate intensively to further increase Third Party Security knowledge and expertise
Core Skills
14. Previous experience in Third Party Security Management (e.g. Due Diligence) is mandatory
15. Knowledge of security risk management
16. Knowledge of control frameworks, e.g. ISO 27000, NIST, CIS-18, COBIT-5
17. Knowledge of relevant regulations, e.g. DORA, Outsourcing, ESMA, etc.
18. Knowledge of logging, monitoring and alerting is an advantage
19. Knowledge of similar ecosystem frameworks, e.g. SWIFT CSP, is an advantage
20. Knowledge of financial markets, FMIs and CSD operations is an advantage
21. Experience with supplier and supply chain due diligence frameworks, procedures, data gathering, and risk and control assessment
22. Experience with contract review of information security schedules and terms
23. Experience with ServiceNow GRC is an advantage
24. IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
Soft Skills
25. Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by possessing self-reflection and by being results-driven
26. Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
27. Collaborative. Work comfortably with business executives and stakeholders, within group settings or with team members
28. Change. Ability to handle multiple projects against tight deadlines whilst being instrumental in delivering cultural change throughout the organisation
29. Experience with managing regulatory compliance issues as well as providing best practices in security
30. Strong organization, prioritization management, coordination, reporting and communication