Maybank

3rd Party Cyber Risk Assessment I IT Security

  • Posted 4 hours ago

Job Description

Background

  • We are seeking an experienced and strategic VP, Third-Party Cybersecurity Specialist to drive the implementation of a regional third-party cybersecurity assessment program.
  • The successful candidate will lead end-to-end third-party cybersecurity assessments across the vendor lifecycle to embed strong governance, enhance visibility, and ensure that third-party engagements align with the organisation's cybersecurity, operational resilience, and regulatory expectations.

Key Responsibilities

  • Lead the design, implementation, and continuous enhancement of a comprehensive third-party cybersecurity assessment programme aligned with regulatory expectations and enterprise risk appetite.
  • Develop and maintain third-party cybersecurity assessment and monitoring procedures and ensure adherence to established processes and procedures.
  • Oversee onboarding and periodic cybersecurity due diligence assessments and monitoring of third-party cybersecurity posture to identify potential security risks.
  • Identify control gaps, assess risk and recommend remediation actions or risk treatment plans. Track and manage remediation of identified vendor issues, control gaps, or audit findings.
  • Lead communication and training initiatives to enhance organizational awareness and capability in managing third-party risks.
  • Support internal audits and regulatory reviews.
  • Provide strategic recommendations to improve the effectiveness of third-party cybersecurity processes and programs.
  • Drive regional alignment efforts to ensure consistency of standards across third-party engagements.
  • Maintain a forward-looking perspective on emerging threats, regulatory developments, and industry trends to proactively strengthen third-party risk strategies.

Key Requirements

  • At least 8-10 years of experience in third-party risk management, cybersecurity, information security or outsourcing governance.
  • Strong understanding of third-party risk lifecycle management, including onboarding, due diligence, ongoing monitoring, issue remediation and offboarding.
  • Proven track record of managing third-party risk assessments in a leadership capacity, preferably in the financial services industry.
  • Strong knowledge of third-party risk management frameworks, processes, and best practices.
  • Familiarity with key regulatory compliance standards (e.g., MAS, BNM, PDPA).
  • Analytical mindset with the ability to identify, assess, and mitigate potential risks.
  • Exceptional communication, negotiation, and interpersonal skills for engaging with internal and external stakeholders.
  • Strong analytical, verbal and written communication skills with the ability to translate technical issues into clear business risk language.
  • Demonstrated leadership experience in driving governance, standardisation and regional alignment.

Job ID: 146752879