Company Description

Join the UAE\'s largest bank and one of the world\'s largest and safest financial institutions. Our focus is to create value for our employees, customers, shareholders and communities to grow through differentiation, agility and innovation. We are looking for top talent and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark a top company, in an exciting and dynamic industry.



JOB PURPOSE:

Will be responsible for assessing, reviewing and maintaining compliance with Bank\'s Vendor Risk Management requirements in line with

• Local Regulatory requirements
• International FAB branches and subsidiaries regulatory requirements
• New and existing vendors information security due diligence according to regulatory requirements

KEY ACCOUNTABILITIES

Generic Accountability- Assist Ist line of defense (SVM and Business) on the VRM framework processes

• Organise and supervise the work of the assigned VRM role to international team to ensure that all work within a specific area of the activity is carried out in an efficient manner, which is consistent with operating procedures and policy.
• Provide on-the-job training and constructive feedback to assigned team to support their overall development.
• Promote the organisation\'s values and ethics in all activities within the team in order to support the establishment of a value drive culture within the bank.

Generic Accountability - Policies, Systems, Processes & Procedures

• Provide inputs and implement policies, systems and procedure for the assigned team so that all relevant procedural/legislative requirements, fulfilled while delivering a quality, cost-effective service.

Generic Accountability - Continuous Improvement

• Participate in the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction

Generic Accountability - Reporting

• Prepare sectional statements and reports timely and accurately to meet FAB and department requirements, policies and quality standards.

Job Context

• Performs evaluation of Third Party and Vendor engagements to identify and manage vendor risk which may include completion of inherent and overall risk assessments and initiating due diligence with cross function in accordance with procedures.
• Develops and performs reporting for VRM including data collection, consolidation, analysis, spreadsheets and dashboards in support of the VRM process.
• Completes quality control reviews and testing to ensure procedures are followed.
• Provide VRM training to VM/VRM/BU related SPOCs across the group and when requested for existing or new members
• Prepare Weekly, Monthly, Quarterly VRM related reports on request bases, including monthly SLA\'s for each country.
• Daily timesheet to be updated in Archer on all activities performed throughout the day.
• Assist/Support all teams on VRM related policies and procedures, including support in reviewing VRM IRQ\'s & DDQs.
• Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
• Review third-party contracts and recommend relevant security control clauses as relevant to the service provided and identified risks (if any).
• Analyse, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
• Stay informed about the latest developments in the vendor risk management field
• Serve as the subject matter expert in interpreting requirements and improve awareness of Operational Risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts
• Perform any other job related instructions, as requested, with reasonable accommodation

Qualifications

Minimum Qualification

• Should have Bachelor Degree or Master\'s Degree
• Expert knowledge of Information Security Domains and should be certified (CISA, CISSP or CISM or any other relevant security certification)
• Possess good Project Management skills
• Highly developed communication skills, both verbal and written

Minimum Experience

• Minimum of 3+ years related work experience in vendor management or vendor risk management is required
• Comprehensive knowledge of applicable concepts and methodologies such as continuous quality improvement and auditing experience
• Extensive working experience in Business Risk Management, Security Risk, Operational Risk, Internal Audit, and/or Controls related function is preferred
• Familiar with industry compliance standards, such as ISO27001, PCI DSS, SOC1 (SSAE16) and SOC2
• Understanding of governance structures used to manage vendor risk programs and vendor mitigation and oversight

First Abu Dhabi Bank