TPTRM Analyst-Consultant

Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks

Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems

Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary

Review thoroughly asset classifications and pre-existing asset related risks control responses ensuring sync with TPTRM assessments responses

Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback

Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process

List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks

Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.)

Ensure periodic review of ICT arrangements and contracted ICT services

Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption.

Functional Skills

Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation.

Experience in the Finance IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS

Demonstrate knowledge of Risk Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments

Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries.

Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.

Good IT knowledge

- Good understanding of organizations and IT Businesses

- Good technical understanding of infrastructures and IT Security Productions and Systems

- IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like, ServiceNow etc.

- Knowledge of Cyber Resilience, IT continuity and business continuity

- GRC - Governance, Risk Management and Compliance Management.

- Firewall and Internet technologies; Cloud Security, Banking Tools Technologies.

- Secure access control mechanisms; Encryption and Key management technics

- Strong Communication, Analytical and problem-solving skills.

- Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills

- Good documentation and reporting skills

- Ability to work independently

- Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users

- Good communication, technical writing/diagramming skills

- Attention to detail and accuracy

- One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+.

- IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.

- IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001)

- Regulatory Compliance