Role Purpose:
Responsible for establishing and enhancing the framework for evaluating vendor risk and the processes that support third party due diligence, risk assessment and ongoing monitoring. The role is also responsible for leading SBIC's third party risk strategy, ensuring adequate resources are aligned to the processes that support due diligence, risk assessment and ongoing monitoring, and ensuring inherent risks and control gaps are accurately identified and remediated in a timely manner.

Role Accountability:
- Manage risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle, as part of SBIC's Vendor Risk Management Program (VRMP)
- Lead the vendor risk assessment program to ensure that organizational security risks are identified and appropriately mitigated
- Ensure all vendor relationships are documented and all contracts with vendors that provide outsourced services are reviewed periodically from an information security perspective
- Actively identify, prioritize and pursue opportunities to enhance SBIC's third party risk management processes, and introduce innovative approaches and solutions to optimize efficiency and effectiveness
- Oversee vendor risk assessments from an information security perspective using the ISO27001, PCI DSS and NIST frameworks to meet the organization's standards
- Monitor and report the status of open observations and remedial efforts to SBI Card leadership
- Define, monitor and report KRIs/SLAs pertaining to VRM, while ensuring tight integration with the Sourcing processes
- Represent Third Party Risk in Sourcing, Risk or organization-wide working groups and committees
- Monitor vendor compliance, undertake extensive vendor evaluations from an information security perspective, make active recommendations to the business / vendor to mitigate the risks, and provide risk-based clauses for agreements with the vendor
- Work with the appropriate business users and experts to ensure that, for any identified risk that requires mitigating action, including vendor disengagement, a plan is developed and executed that indicates the process and/or service involved, the outgoing vendor, the replacement vendor, the anticipated timeline, measurable milestones, the expected completion date and the plan for contingencies
- Act as a subject matter expert to assist the business in identifying and mitigating risks in their vendor relationships
- Deliver continuous training and awareness to business partners on vendor risk
- Proactively engage on opportunities to work with the business to educate stakeholders on the Third Party Risk Management program
- Ensure process documentation and compliance adherence

Measures of Success:
- Successful closure of vendor risk assessments within the agreed timelines
- Increase in maturity of vendor risk programs (adoption and capabilities)
- Timely and accurate development and maturing of the vendor risk profiling of SBI Card
- Timely and accurate delivery of updates, presentations, assessment reports etc. to relevant stakeholders
- Alignment of the Third-Party Risk Management Program with regulatory requirements
- Timely monitoring and reporting of KRIs/SLAs pertaining to VRM
- Timely and accurate publication of MIS / business dashboards
- Process adherence as per MOU

Technical Skills / Experience / Certifications:
- Industry-standard certifications such as ISO27001 LA, CEH, CCNA, CISSP, MCP etc.
- Knowledge of contract terms and conditions
- Understanding of the inherent risks associated with engaging suppliers to perform services and support projects/initiatives
- Knowledge of common assessment control techniques
- Knowledge of analytic techniques and methods
- Understanding of security controls from a people, process and technology perspective
- Familiarity with the PCI-DSS framework
- Experience managing service provider/supplier relationships

Competencies critical to the role:
- Detail orientation
- Process orientation
- Stakeholder management
- Influencing skills

Qualification:
Bachelor's Degree in Computer Science / Information Security related areas.
Job Title
Deputy Vice President - Vendor Security Risk Governance