vendor Risk Analyst

Job Title - vendor Risk Analyst

Location - Dubai

Duration - 6 Months.

No of Openings - 2.

Salary - 12k AED.

Job Description:

Key Responsibilities

• Conduct thorough assessments of new vendors across all risk areas, with a focus on information security, operational risk, financial risk, and compliance. Evaluate vendor responses to due diligence questionnaires and assess the adequacy of the provided evidence.
• Assess vendor security controls and risk management practices by analyzing evidence, identifying weaknesses, and evaluating control effectiveness.
• Perform periodic reviews of existing vendors to ensure they continue to meet security, compliance, and risk management standards, identifying any new or emerging risks.
• Identify, document, and assess risks and control gaps. Rate vendor controls and risk levels in accordance with the Bank's methodology.
• Develop risk remediation plans to address identified issues, working with vendors to gain agreement on timelines and actions. Follow up to ensure corrective actions are implemented in a timely manner.
• Prepare assessment reports for stakeholders, documenting findings, risk levels, and remediation plans. Maintain thorough records of assessments and follow-ups.
• Work closely with internal departments, such as Legal, Risk, Compliance, and Information Security, to ensure alignment on risk expectations and facilitate effective vendor risk management.
• Identify opportunities to improve the vendor risk assessment process, including updates to questionnaires, assessment methodologies, and risk monitoring tools.

Key Requirements

• Minimum of 2 years of experience in vendor risk assessment or a similar role, with a focus on information security and IT risk management. Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.
• Strong understanding of information security controls, risk management frameworks (e.g., ISO 27001, NIST, COBIT), and regulatory requirements related to outsourcing and third-party risk management.
• Proven ability to analyze complex documentation and evidence to identify potential risks and control gaps. Comfortable identifying issues, assessing risks, and developing practical remediation plans.
• Effective communicator with the ability to explain complex issues clearly and negotiate risk remediation plans with vendors and stakeholders.
• Excellent attention to detail in assessing evidence and documenting findings.
• Able to work collaboratively in a cross-functional environment, partnering with internal teams and stakeholders to support the third-party risk management objectives.