Company Profile
-Risk & Compliance: Keep the Third-Party Cyber Risk Management framework, policies, standards, and procedures aligned with NIST 800-161, ISO 27001, SIG/SIG Lite, CAIQ, NIST CSF, CIS Controls, DORA (EU), NYDFS, MAS TRM (Singapore), and other relevant regulations and frameworks.
-Reporting & Metrics: Produce detailed cybersecurity performance reports and dashboards, including executive-level reporting and KRIs/KPIs on the third-party cyber risk posture.
-Cyber Legal Requirements: Partner with procurement, legal, business owners, and technical teams to embed cyber requirements into contracts (including right-to-audit clauses, data protection, and security SLAs).
-Continuous Monitoring: Support the operationalisation of continuous vendor cyber risk monitoring through threat intelligence feeds, external attack surface monitoring, and fourth-party/sub-contractor mapping.
-Process Improvement: Identify opportunities to optimize cybersecurity processes and implement best practices that reduce operational risk, focusing on ongoing monitoring, annual re-assessments, off-boarding, and trigger-based reviews (e.g., material changes, incidents, or ransomware events affecting vendors).
-Stakeholder Engagement: Act as a point of contact for internal teams, senior leadership, and third-party partners, ensuring clear communication and alignment on third party risk management.
-Project Coordination: Collaborate with project teams to support transformation activity for cybersecurity initiatives, ensuring seamless integration into service operations.
-Subject Matter Expert: Act as the subject-matter expert on emerging supply-chain threats (e.g., SolarWinds-style attacks, Log4j, MOVEit, third-party breaches), driving lessons learned into the transformation and improvement work.
-Collaboration: Lead or contribute to cross-functional working groups on supply-chain cybersecurity initiatives.
-Minimum bachelor’s degree in Information Security, Computer Science, Risk Management, or equivalent.
-10 years of experience in cybersecurity governance, third-party risk, vendor risk management, or IT audit.
-Demonstrated knowledge of cybersecurity frameworks (NIST 800-161, ISO 27036, CSA CCM).
-Firsthand experience with ServiceNow (workflow/ITSM), SureCloud (GRC), PowerBI (data visualization), and BitSight (third-party risk management).
-Knowledge of emerging technology related to AI and Third-Party Risk Management (TPRM).
-Proven ability to interpret SOC 2, ISO 27001, and PCI DSS reports, penetration test reports, and vulnerability scans.
-Experience in delivery of training or advisory workshops is highly desirable.
-Professional certifications preferred: CISA, CRISC, ITIL, GRCP, or equivalent.
-Strong understanding of cloud security (AWS, Azure, GCP) and Software-as-a-Service risks.
-Excellent communication skills – able to translate technical risk into business language for executives and non-technical stakeholders.
-Experience working with procurement/legal on contract negotiations is highly desirable.
-Strong analytical skills with the ability to interpret complex data and translate it into meaningful reports and recommendations.
-Stakeholder management and the ability to influence without direct authority.
-Transformation program and project management.
-Ability to work in a fast-paced, global environment and manage multiple priorities effectively.
-Available to work in flexible hours with global teams in different time zones.
-Language(s): fluent English written and spoken.