Conduct thorough assessments of new vendors across all risk areas, with a focus on information security, operational risk, financial risk, and compliance. Evaluate vendor responses to due diligence questionnaires and assess the adequacy of the provided evidence.

Assess vendor security controls and risk management practices by analyzing evidence, identifying weaknesses, and evaluating control effectiveness.

Perform periodic reviews of existing vendors to ensure they continue to meet security, compliance, and risk management standards, identifying any new or emerging risks.

Identify, document, and assess risks and control gaps. Rate vendor controls and risk levels in accordance with the Bank's methodology.

Develop risk remediation plans to address identified issues, working with vendors to gain agreement on timelines and actions. Follow up to ensure corrective actions are implemented in a timely manner.

Prepare assessment reports for stakeholders, documenting findings, risk levels, and remediation plans. Maintain thorough records of assessments and follow-ups.

Work closely with internal departments, such as Legal, Risk, Compliance, and Information Security, to ensure alignment on risk expectations and facilitate effective vendor risk management.

Identify opportunities to improve the vendor risk assessment process, including updates to questionnaires, assessment methodologies, and risk monitoring tools.
Key Requirements
Minimum of 2 years of experience in vendor risk assessment or a similar role, with a focus on information security and IT risk management. Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.

Strong understanding of information security controls, risk management frameworks (e.g., ISO 27001, NIST, COBIT), and regulatory requirements related to outsourcing and third-party risk management.

Proven ability to analyze complex documentation and evidence to identify potential risks and control gaps. Comfortable identifying issues, assessing risks, and developing practical remediation plans.

Effective communicator with the ability to explain complex issues clearly and negotiate risk remediation plans with vendors and stakeholders.

Excellent attention to detail in assessing evidence and documenting findings.

Able to work collaboratively in a cross-functional environment, partnering with internal teams and stakeholders to support third-party risk management objectives.