Conduct thorough assessments of new vendors across all risk areas, with a focus on information security, operational risk, financial risk, and compliance. Evaluate vendor responses to due diligence questionnaires and assess the adequacy of the provided evidence.
Assess vendor security controls and risk management practices by analyzing evidence, identifying weaknesses, and evaluating control effectiveness.
Perform periodic reviews of existing vendors to ensure they continue to meet security, compliance, and risk management standards, identifying any new or emerging risks.
Identify, document, and assess risks and control gaps. Rate vendor controls and risk levels in accordance with the Bank’s methodology.
Develop risk remediation plans to address identified issues, working with vendors to gain agreement on timelines and actions. Follow up to ensure corrective actions are implemented in a timely manner.
Prepare assessment reports for stakeholders, documenting findings, risk levels, and remediation plans. Maintain thorough records of assessments and follow-ups.
Work closely with internal departments, such as Legal, Risk, Compliance, and Information Security, to ensure alignment on risk expectations and facilitate effective vendor risk management.
Identify opportunities to improve the vendor risk assessment process, including updates to questionnaires, assessment methodologies, and risk monitoring tools.
Key Requirements
Minimum of 2 years of experience in vendor risk assessment or a similar role, with a focus on information security and IT risk management. Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.
Strong understanding of information security controls, risk management frameworks (e.g., ISO 27001, NIST, COBIT), and regulatory requirements related to outsourcing and third-party risk management.
Proven ability to analyze complex documentation and evidence to identify potential risks and control gaps. Comfortable identifying issues, assessing risks, and developing practical remediation plans.
Effective communicator with the ability to explain complex issues clearly and negotiate risk remediation plans with vendors and stakeholders.
Excellent attention to detail in assessing evidence and documenting findings.
Able to work collaboratively in a cross-functional environment, partnering with internal teams and stakeholders to support third-party risk management objectives.