Company: Union Bank of the Philippines
Position: Third-Party Security Manager
Office Location:
Job Summary: The Third-Party Security Risk Manager shall be responsible for third-party risk assessment to ensure that the Bank's security requirements are met, and that appropriate due diligence and security assessment are conducted in selecting and onboarding third-party service providers.
Duties And Responsibilities
- Develop, coordinate, plan and execute security assessments of the Bank's third-party contractors and partners, focusing on compliance with regulations and applicable standards.
- Lead the implementation of programs and mechanisms to properly monitor the performance of third-party service providers and assess whether a sufficient level of security controls is maintained and whether Bank procedures, policies and internal controls are being complied with.
- Ensure that contracts sufficiently detail information security requirements, particularly for third-party service providers that store, transmit, process, or dispose of customer information.
- Collaborate with business units and stakeholders to assist in the governance structure and oversight of security frameworks of third-party providers in compliance with PCI-DSS, ISO 27001, and other applicable standards.
- Establish and drive security best practice and governance across all third-party risk management activities of the Bank.
- Work with relevant groups to identify, assess, and document third-party relationships, including the regular security review of vendors and critical outsourcing arrangements. Gather input from technical groups to define the baseline security requirements for suppliers and third-party providers based on the service they provide and the frequency of assessments.
- Identify vendor frameworks and communicate vendor risk concepts to ensure these are reflected in the Bank's policies, standards, and procedures.
Required Experience: Graduate of a four (4) year course with a Bachelor's degree, preferably in a business-related field.
Required Skills
- Knowledge of information security principles and standards (ISO 27001:2013, PCI DSS v. 3.2, NIST)
- Capability to change direction and show flexibility to meet new demands of the rapidly changing IT landscape.
- Ability to work independently and successfully manage multiple concurrent projects by level of prioritization.
- Strong leadership skills and ability to work with peers across various levels of management
- Effective oral and written communication skills
- Critical thinking, analytical and problem-solving skills.
- Capability to be proactive and work in a fast-paced environment