Share this Job

Senior Manager, Third Party Risk Management

Date: 03-Jun-2022

Location: Singapore, Singapore

Company: Singtel Group

At Singtel, we're working on projects that push the boundaries of digital, realising our vision and purpose to Empower Every Generation. We have a dynamic and diverse team, with a passion for innovation, and talent to deliver cutting-edge digital solutions and immersive customer experience.

 

In Group IT, we create great technology that can change the future, and we're looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!

 

Apply now, and ignite our digital future together.

 

Job Summary

  • The position will be part of the Group Governance & Compliance (GGC) team within Group Cyber Resilience (GCR).
  • The role of this position is to perform cyber security risk assessments on third parties in compliance with regulatory requirements and organizational policies.  He/she would provide Cyber Security Risk Committees (CSRC) oversight on cyber security risks of Third-Party Service Providers (TPSPs).
  • The position will be responsible to work with Business Unit stakeholders, and update identified cybersecurity risks of TPSPs to them.  He/she would provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
  • The position will work closely with their peers and other department team members to ensure cybersecurity risks are identified and addressed to an acceptable level.

Responsibilities

Validation of TPSP Cybersecurity Posture

  • Responsible to establish, communicate and maintain TPSP Cybersecurity Risk Assessment Process Document (Process Approach).
  • Ensure that cybersecurity requirements are practical and communicated to all relevant parties.
  • Coordinate and schedule assessment review work to ensure all TPSP reviews are conducted in accordance with the Third-Party Risk Management (TPRM) cybersecurity risk-based approach.
  • Ensure identified TPSP cybersecurity risks are registered and tracked.
  • Communicate identified TPSP cybersecurity risks to stakeholders and provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
  • Ensure stakeholders adhere to the Process Approach.
  • Work with Group Legal, Risk and Procurement to ensure that TPSP Cybersecurity Risk Assessment Process Document remains relevant to each Business Units (BU).

Management Support

  • Work with BUs and Procurement to maintain an accurate inventory of TPSP.
  • Ensure all BUs stakeholders understand and comply with the Process Approach through awareness campaigns.
  • Produce a consolidate reports for each BU, and Cyber Security Resilience Committee (CSRC) on a regular frequency with the following information:
  • Completion rate of TPSP cybersecurity risk assessment status report
  • Types of Identified risks
  • Aging report of risk closure
  • And other statistics that will raise the TPSP cybersecurity posture of Singtel Group

Customer Experience

  • Demonstrate professional, pro-active qualities in dealing with internal clients and stakeholders.
  • Attend required meetings on information security governance, risk, and compliance topics.

Process and Procedure

  • Assist in the development, implementation, and maintenance of TPSP Process Approach and operating procedures as required.
  • Escalate issues arising from policy non-compliance to the reporting manager.
  • Implement and maintain metrics to ensure that the performance and compliance to Singtel Group security requirements are measured and reporting requirements are met.

Continuous Improvement

  • Maintain strategic vendor partnerships, relevant education, and certification.
  • Complete relevant security education and training as required.
  • Keep abreast of relevant technology to improve service delivery.
  • Identify areas of improvement in delivering services.
  • Keep all role related technical documentation current.
  • Create or improve technical documentation where it is lacking.

Communication and Teamwork

  • Work with all stakeholders to meet security requirements.
  • Promote knowledge sharing, effective communication, and teamwork with peers.


Requirement

  • Bachelor’s Degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant field of study (Candidates without degree but has relevant experience will also be considered.)
  • Minimum 8 years of experience as an Information Security Professional
  • Experience working as part of an internal Audit, Governance and Compliance team.  
  • Advanced understanding in the following areas:
  • Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, Security Compliance Audits
  • Professional security management certifications such as a Certified Information Systems Security professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred.
  • Minimum 2 years of practical experience in vendor security management is preferred
  • Experience using or administrating GRC solutions is preferred
  • Have exposure to other compliance audits such as PCI-DSS, SSSAE, ISO27K, SOX, and other information security framework    

­We are committed to a safe and healthy environment for our employees & customers and will require all prospective employees to be fully vaccinated.

 

At Singtel, we're working on projects that push the boundaries of digital, realising our vision and purpose to Empower Every Generation. We have a dynamic and diverse team, with a passion for innovation, and talent to deliver cutting-edge digital solutions and immersive customer experience.

 

In Group IT, we create great technology that can change the future, and we're looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!

 

Apply now, and ignite our digital future together.