Join the UAE's largest bank and one of the world's largest and safest financial institutions. Our focus is to create value for our employees, customers, shareholders and communities to grow through differentiation, agility and innovation. We are looking for top talent and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark at a top company, in an exciting and dynamic industry.
JOB PURPOSE:
Will be responsible for assessing, reviewing and maintaining compliance with Bank's Vendor Risk Management requirements in line with:
Local Regulatory requirements
International FAB branches and subsidiaries regulatory requirements
New and existing vendors information security due diligence according to regulatory requirements
KEY ACCOUNTABILITIES
Generic Accountability - Assist 1st line of defense (SVM and Business) on the VRM framework processes
Organise and supervise the work of the assigned VRM role to international team to ensure that all work within a specific area of the activity is carried out in an efficient manner, which is consistent with operating procedures and policy.
Provide on-the-job training and constructive feedback to assigned team to support their overall development.
Promote the organisation's values and ethics in all activities within the team in order to support the establishment of a value-driven culture within the bank.
Provide inputs and implement policies, systems and procedures for the assigned team so that all relevant procedural/legislative requirements are fulfilled while delivering a quality, cost-effective service.
Generic Accountability - Continuous Improvement
Participate in the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction
Generic Accountability - Reporting
Prepare sectional statements and reports timely and accurately to meet FAB and department requirements, policies and quality standards.
Job Context
Performs evaluation of Third Party and Vendor engagements to identify and manage vendor risk which may include completion of inherent and overall risk assessments and initiating due diligence with cross function in accordance with procedures.
Develops and performs reporting for VRM including data collection, consolidation, analysis, spreadsheets and dashboards in support of the VRM process.
Completes quality control reviews and testing to ensure procedures are followed.
Provide VRM training to VM/VRM/BU related SPOCs across the group and when requested for existing or new members
Prepare Weekly, Monthly, Quarterly VRM related reports on a request basis, including monthly SLAs for each country.
Daily timesheet to be updated in Archer on all activities performed throughout the day.
Assist/Support all teams on VRM related policies and procedures, including support in reviewing VRM IRQs & DDQs.
Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
Review third-party contracts and recommend relevant security control clauses as relevant to the service provided and identified risks (if any).
Analyse, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
Stay informed about the latest developments in the vendor risk management field
Serve as the subject matter expert in interpreting requirements and improve awareness of Operational Risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts
Perform any other job related instructions, as requested, with reasonable accommodation
Qualifications
Minimum Qualification
Should have Bachelor's Degree or Master's Degree
Expert knowledge of Information Security Domains and should be certified (CISA, CISSP or CISM or any other relevant security certification)
Possess good Project Management skills
Highly developed communication skills, both verbal and written
Minimum Experience
Minimum of 3+ years related work experience in vendor management or vendor risk management is required
Comprehensive knowledge of applicable concepts and methodologies such as continuous quality improvement and auditing experience
Extensive working experience in Business Risk Management, Security Risk, Operational Risk, Internal Audit, and/or Controls related function is preferred
Familiar with industry compliance standards, such as ISO27001, PCI DSS, SOC1 (SSAE16) and SOC2
Understanding of governance structures used to manage vendor risk programs and vendor mitigation and oversight