In this role, you will be responsible for assessing, monitoring, and managing IT and cybersecurity risks associated with third-party vendors and service providers. You will work closely with cross-functional stakeholders across Procurement, Legal, Compliance, Cybersecurity, and IT to ensure third-party risks are identified, evaluated, and effectively mitigated throughout the vendor lifecycle.
Responsibilities:
- Lead and perform IT risk assessments on third-party vendors and service providers, including cloud services, SaaS, infrastructure providers, and managed services.
- Define and maintain the third-party risk management (TPRM) framework, processes, and controls in alignment with internal policies, regulatory requirements, and industry best practices.
- Collaborate with procurement and business units during vendor onboarding and renewal to conduct due diligence, risk reviews, and control assessments.
- Evaluate vendor responses to security questionnaires and assess supporting documentation (e.g., SOC reports, ISO certifications, penetration test results).
- Track and monitor identified risks, issues, and remediation plans with third-party vendors to ensure timely resolution.
- Conduct periodic reassessments of critical vendors to ensure ongoing compliance with security and data protection requirements.
- Support regulatory, audit, and internal reporting requirements by maintaining accurate and comprehensive third-party risk records.
- Contribute to the development of risk metrics, dashboards, and reports for senior management and governance forums.
- Stay current on regulatory developments and emerging risks related to third-party risk management and cybersecurity.
Requirements:
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- 3-8 years of experience in IT risk management, third-party/vendor risk assessment, or cybersecurity in a regulated industry.
- Strong knowledge of IT controls and security frameworks.
- Familiarity with regulatory requirements such as MAS TRM, GDPR, PDPA, or equivalent.
- Experience in reviewing technical documents such as SOC reports, penetration test results, and cloud security documentation.
- Excellent stakeholder management, communication, and analytical skills.
To apply:
If you are interested in applying or would like to find out more, please send your CV to, or contact, Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060