Associate Manager - Third Party Risk Management

Disclaimer

We never ask for any kind of payment as part of our selection process, and we always contact candidates via our corporate accounts and platforms. If you are approached for payment or asked to make a purchase, this is likely to be fraudulent. Please check to see whether the role you are interested in is posted here, on our website.

About TMF

TMF Group is a leading provider of administrative services, helping clients invest and operate safely around the world. As a global company with 11,000+ colleagues based in over 125 offices across 87 jurisdictions, we actively seek out people with the talent and potential to flourish at TMF Group, whatever their background, and offer job opportunities to the broadest spectrum of people. Once on board, we nurture and promote talented individuals, ensuring that senior positions are open to all.

Discover the role

The Assistant Manager, Third Party Risk Management, is primarily responsible for developing and managing a third-party risk management process that tracks third-party risks. Work directly with the Manager – Third Party Risk Management and the CISO / CSRO Office team to define issues and information needs and translate them into implementable technical enhancements to the TPRM Program. Deliver reporting for the Overall TPRM Program.

Employ the analytics features to compile and synthesize data to make grounded recommendations to assess and protect against risk exposure to guide decision making to advise the business with respect to TPRM.Champion and execute updates to the existing reporting and technology framework to reduce risk and enhance efficiency. Oversee and make recommendations about additional add-on features. Assess the Information Security posture of third parties (Sub-contractors and vendors), including their IT applications in the scope of the service provided to TMF, at the time of contracting their service and periodically thereafter.

The resource is also responsible for assessing information security risks from third parties and specifying appropriate technical and organizational controls to address the risks to be formally included in the contract with the third parties. The incumbent will check the compliance of the third parties to the specified security requirements on an annual basis / or as and when required by conducting reassessments / audits.

Key Responsibilities

• Review and maintain Third Party Risk Assessment procedure and assessment questionnaire.
• Review third party responses and ensure required controls are in place. Identify gaps and raise them with sponsors for resolution
• Identify technical and organisational measures / security controls that need to be included in the contract with the third party.
• Maintain an inventory of onboarded third parties, along with key contact personnel, and rate them based on access level / risk level / criticality level
• Conduct periodic (annual) reassessments to verify / validate the security posture of the vendor and compliance to the agreed security controls
• Share details of vulnerabilities that may affect the applications provided by the vendor and check if the vulnerabilities are remediated in a timely manner.

Key Requirements

The Candidate needs to possess strong technical and soft skills, as highlighted below :

General Skills Requirement

What's In It For You

Pathways for career development

Making an impact

A supportive environment

Other Benefits

We're looking forward to getting to know you!

Skills Required

Gdpr