SBI Card - Deputy Vice President - Vendor Security & Risk Governance (12-15 yrs)

Role Purpose: Responsible for establishing and enhancing the framework for evaluating vendor risk and processes to support third party due diligence, risk assessment and ongoing monitoring.

The role is also responsible for leading SBIC third party risk strategy, ensuring adequate resources are align to processes to support due diligence, risk assessment and ongoing monitoring, ensuring inherent risks and control gaps are accurately identified and remediated in timely manner.

Role Accountability:.

- Manage risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle as part of SBICs Vendor Risk Management Program (VRMP).

- Lead vendor risk assessment program to ensure that organizational security risks are identified and appropriately mitigated.

- Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are reviewed periodically from information security perspective.

- Actively identify, prioritize and pursue opportunities to enhance SBICs third party risk management processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness.

- Oversee vendor risk assessments from information security perspective using ISO27001, PCI DSS, NIST framework to meet the organization standards.

- Monitor and report status of open observations and remedial efforts to SBI Card leadership.

- Define, monitor and report KRIs/ SLAs pertaining to VRM, while ensuring tight integration with the Sourcing processes.

- Represent Third Party Risk in Sourcing, Risk or organization-wide working groups and committees.

- Monitor vendor compliance, undertake extensive vendor evaluations from information security perspective and then make active recommendations to the business / vendor to mitigate the risks and provide risk based clauses for the agreements with the vendor.

- Work with the appropriate business users and experts, ensure that for any identified risk that require mitigating action, including vendor disengagement, a plan is developed and executed that indicates the process and/or service involved, the outgoing vendor, the replacement vendor, the anticipated timeline, measurable milestones, expected completion date and the plan for contingencies.

- Act as a subject matter expert to assist the business in identifying and mitigating risks on their vendor relationships.

- Deliver continuous training and awareness to Business partners on vendor risk.

- Proactively engage on opportunities to work with the business to educate stakeholders on the Third Party Risk Management program.

- Ensure process documentation and compliance adherence.

Measures of Success:.

- Successful closure of vendor risk assessments within the agreed timelines.

- Increase in maturity of vendor risk Programs (Adoption & Capabilities).

- Timely and accurate development and maturing of the Vendor risk profiling of SBI Card.

- Timely and accurate delivery of updates, presentations, assessment reports etc.

to relevant stakeholders.

- Alignment of Third-Party Risk Management Program with regulatory requirements.

- Timely monitoring and reporting of KRIs/ SLAs pertaining to VRM.

- Timely and accurate publication of MIS/ business dashboards.

- Process Adherence as per MOU.

Technical Skills / Experience / Certifications:.

- Industry-standard certifications such as ISO27001 LA, CEH, CCNA, CISSP, MCP etc.

- Knowledge of contract terms and conditions.

- Understanding of the inherent risks associated with engaging suppliers to perform services and support projects/initiatives.

- Knowledge of common assessment control techniques.

- Knowledge of analytic techniques and methods.

- Understanding of security controls from a people, process and technology perspective.

- Should be familiar with PCI-DSS framework.

- Experience managing service providers/supplier relationships.

Competencies critical to the role:.

- Detail Orientation.

- Process Orientation.

- Stakeholder Management.

- Influencing skills.

Qualification:.

- Bachelors Degree in Computer Science / Information Security related areas.