Qureos

Assistant Vice President, Vendor Risk Manager, Technology and Operations

India

Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.

Job Description

This role is responsible for establishing, implementing, and maintaining a robust third-party risk management program. It involves overseeing the assessment and continuous monitoring of third-party vendors and partners to identify, evaluate, and mitigate information security, compliance, and operational risks. The role will ensure that third-party relationships adhere to internal policies, industry standards, and regulatory requirements, protecting the organization's assets and reputation.

Key Responsibilities:

* Program Management: Develop, implement, and continuously improve the organization's Third-Party Risk Management (TPRM) framework, policies, procedures, and guidelines.
* Risk Assessment & Due Diligence:
  * Perform comprehensive end-to-end and in-depth information security assessments of third parties throughout their lifecycle (onboarding, ongoing, offboarding).
  * Conduct due diligence reviews of prospective and existing third-party vendors, assessing their security controls, compliance posture, and operational capabilities.
  * Advise on and assess security mitigating controls for network, server and endpoint security, data protection (PII, cards), cloud security (Azure/AWS/GCP/OCI), encryption, and API security.
  * Review implementation of standards such as PCI-DSS, PCI-PIN, and PA-DSS as applicable to third parties.
* Continuous Monitoring: Establish and manage processes for the periodic assessment and continuous monitoring of the security posture and compliance of third-party and ecosystem partners.
* Risk Mitigation & Advisory:
  * Identify potential risks associated with third-party engagements and projects, and advise on effective mitigation strategies.
  * Provide expert guidance on control implementation for the protection of sensitive data and adherence to security-by-design principles.
* Reporting & Stakeholder Engagement:
  * Responsible for audit planning, report review, and reporting on third-party risk posture to senior management and other stakeholders.
  * Liaise with business units on new third-party requirements, ensuring risk is considered from the outset.
  * Collaborate with internal teams (e.g., Legal, Procurement, IT, CISO team, Group Security) to ensure a consistent and integrated approach to third-party risk management.
  * Work with the CISO team on regulatory requirements and submissions pertaining to digital payment security for third-party engagements.
  * Liaise with business and partners on compliance and regulatory assurance related to third parties.
* Compliance & Standards:
  * Ensure third-party engagements comply with relevant laws, regulations, and industry standards.
  * Review and validate third-party adherence to recognized security frameworks and standards such as ISMS (ISO 27001), SOC (Service Organization Control) reports, and NIST CSF.

Requirements

* Strong understanding of and practical experience with Third-Party Risk Management (TPRM) principles and best practices.
* In-depth knowledge of information security domains, including network, server, endpoint, data protection, cloud security (Azure/AWS/GCP/OCI), encryption, and API security.
* Clear understanding of application security assessments, source code review, and VAPT (Vulnerability Assessment and Penetration Testing).
* Strong fundamentals of defense-in-depth security and SDLC (Software Development Life Cycle) processes.
* Excellent understanding of industry standards and frameworks such as PCI-DSS, PCI-PIN, PA-DSS, ISMS (ISO 27001), SOC, and NIST CSF.
* Proven ability to conduct security assessments and interpret security reports.
* Strong analytical, problem-solving, and communication skills to effectively engage with internal and external stakeholders.
* Experience with audit planning and reporting.
* Ability to work independently and manage multiple third-party relationships concurrently.

© 2025 Qureos. All rights reserved.