Vendor cyber security related events and vulnerabilities related analysis, triaging, outreach , escalation and reporting.
Explore automation to enhance efficiency and quality of various team processes.
Collaboration with relevant stakeholders to identify and enhance the Third-Party Cyber event and incident process.
Key Responsibilities
Perform initial triage to understand the scope of services provided by the potentially impacted third party, including identification of Firm systems and applications potentially impacted.
Initiate outreach to the vendor to confirm whether third party and Firm have been impacted.
Establish clear communication channels for timely follow-ups, updates and escalation.
Apply foundational knowledge of attack vectors, techniques, and phases across network, cloud, and OS environments, as deemed required for incident management.
Coordinate with multiple internal teams throughout the incident lifecycle until closure.
Ensure alignment on remediation, communication, and reporting requirements.
Identify cybersecurity, operational, reputational risks related to Firm s third-party and Nth-party relationships.
Fulfil periodic reporting obligations.
Maintain comprehensive documentation for audit trail, throughout incident lifecycle as required.
Identify unique use cases, improvement scope in current process, document lessons learned and recommend process improvements to prevent recurrence.
Regularly review and update Team Procedures and Runbook as required.
Required Experience and Skills:
We are looking for :
8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
Strong understanding of cybersecurity principles, ability to analyse threat intelligence and vendor reports.
Excellent communication and presentation skills both written and verbal; must be comfortable interacting with all management levels and a global workforce (strong English proficiency is essential).
Strong data analysis and reporting capabilities.
Proficiency with Microsoft Office (Excel, Word, PowerPoint); familiarity with ProcessUnity or ServiceNow is a plus.
A detailoriented, accurate, tenacious, and deliveryfocused mindset.
Basic knowledge of attack vectors and phases, and flexibility to work in shifts.
Desired Qualifications
Industry Certification such as CISA, CISSP, CISM, CRISC an advantage
Experience with Python development.