Cyber Risk and Compliance Specialist

Purpose 

As a Cyber Risk and Compliance TPRM (Third Party Risk Management) Specialist will be placed in the Cybersecurity and Information Security Business Area and you will be responsible for  assisting the oversight and evaluation of risks associated with third-party vendors or service providers. You will work closely with Senior team members of the Cyber Risk and Compliance Domain, ensuring that external relationships adhere to regulatory requirements and organizational standards for risk, compliance, security, and resilience.
 

What you will be doing

•    Assist in the delivery of Cyber Risk and Compliance Services (Policy and Controls, Risk Management, Compliance, Reputation Management, Training and Awareness etc).
•    Assist in the 3rd party Cyber Security Risk Management Service, including:
-risk assessments for new and existing 3rd party vendors, evaluating their security posture and potential impact on the Bank.
-collect, review, and analyze vendor’s documentation (certifications, reports, vulnerability assessments, penetration tests etc).
-identify, track, and escalate potential risk issues for remediation to ensure proper mitigation strategies are in place.
-support the onboarding process for new vendors, ensuring due diligence and compliance with Bank standards, policies and risk appetite.
-collaborate with vendors to ensure they understand and meet the Bank’s risk management expectations.
-monitoring processes for 3rd party vendors, evaluating performance and risk exposure.
-reporting on vendor risk profiles and status, providing regular updates to management.
compliance with relevant regulatory requirements and industry standards, such as ISO 27001, GDPR, DORA and PCI-DSS.
-periodic audits, reviews and validation of the 3rd party vendors’ security controls to ensure their compliance with security policies, standards and regulatory requirements.
-guidance and support to business areas on third-party risk management best practices.
•    Stay up-to-date with the latest cybersecurity threats, vulnerabilities, risks, regulatory changes that may affect Cyber Risk and Compliance Domain services.
•    Collaborate with internal Business Areas and teams, including IT, DPO, Legal, Procurement, and Compliance, to coordinate third-party risk assessments and controls.

What you need to have

•    A Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Risk Management or in related field
•    Familiarity with risk management frameworks, vendor assessments and regulatory requirements and frameworks (e.g., NIST, ISO 27001, DORA).
•    Basic understanding of risk management and assessment tools, experience with GRC (Governance, Risk and Compliance) software will be considered a plus
•    Manage concurrent activities with tight deadlines
•    Ability to learn and operate a variety to technology tools and platform
•    Knowledge of Cyber Risk Management and Cybersecurity Governance
•    Knowledge of Cloud security and 3rd party cloud service providers will be considered as a plus.