We are seeking a detail-oriented and experienced IT Third Party Risk professional to join our team. In this role, you will be responsible for assessing, monitoring, and managing IT and cybersecurity risks associated with third-party vendors and service providers. You will work closely with cross-functional stakeholders across Procurement, Legal, Compliance, Cybersecurity, and IT to ensure third-party risks are identified, evaluated, and effectively mitigated throughout the vendor lifecycle.
Responsibilities:
- Lead and perform IT risk assessments on third-party vendors and service providers, including cloud services, SaaS, infrastructure providers, and managed services.
- Define and maintain the third-party risk management (TPRM) framework, processes, and controls in alignment with internal policies, regulatory requirements, and industry best practices.
- Collaborate with procurement and business units during vendor onboarding and renewal to conduct due diligence, risk reviews, and control assessments.
- Evaluate vendor responses to security questionnaires and assess supporting documentation (e.g., SOC reports, ISO certifications, penetration test results).
- Track and monitor identified risks, issues, and remediation plans with third-party vendors to ensure timely resolution.
- Conduct periodic reassessments of critical vendors to ensure ongoing compliance with security and data protection requirements.
- Support regulatory, audit, and internal reporting requirements by maintaining accurate and comprehensive third-party risk records.
- Contribute to the development of risk metrics, dashboards, and reports for senior management and governance forums.
- Stay current on regulatory developments and emerging risks related to third-party risk management and cybersecurity.
Requirements:
- Bachelor&aposs degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- 3-7 years of experience in IT risk management, third-party/vendor risk assessment, or cybersecurity in a regulated industry
- Strong knowledge of IT controls and security frameworks
- Familiarity with regulatory requirements such as MAS TRM, GDPR, PDPA, or equivalent.
- Experience in reviewing technical documents such as SOC reports, penetration tests, and cloud security
- Excellent stakeholder management, communication, and analytical skills.
To apply:
If you&aposre interested to apply or find out more, please share across your CV or reach out to Chen Yi at [Confidential Information] for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060
