Associate, Third Party Risk Management

ABOUT THE JOB

We are looking Associate, Third Party Assessments<ins> who will be responsible for driving and delivering critical risk and compliance activities regarding NAB third party management. You will be part of a multi-national team of risk management experts, working together to ensure third parties (suppliers/service providers) that NAB engage with comply with industry standards, regulatory requirements, and apply appropriate controls in order to protect NAB’s business operation and our customer.

YOUR JOB RESPONSIBILITIES

• Identify risks related to third party by conducting inherent risk and impact assessments against third party provided services – ensuring regulatory compliance such as APRA CPS 230

• Assess third party controls against identified risks to determine if they are mitigated

• Communicate assessment results to relevant stakeholders, including senior management.

• Provide advice and guidance to the business to ensure residual risks related to third party provided services are managed within the Group Risk Appetite, and enabling business to build and uplift third party controls.

• Communicate and drive third party risk management best practice and consistency across the enterprise

• Supporting key stakeholders and risk partners with the execution of key processes related to third-party risk management activities, including assurance review, contingent plan review, finding management, controls uplift.

• 3-5 years of proven experience in operational risk and/or information security risk management/ consulting.<ins> Experience within the context of third-party risk management is an advantage.

• Understand and having working knowledge of regulatory requirements, including Vietnamese Law on Cyber Information Security, Circular 09/2023/TT-NHNN, Personal Data Protection Decree; and Australia CPS 230, Privacy Acts.

• Understand and having working knowledge of information security related standards/frameworks such as ISO 27001, ISO 27017, ISO 22301, AICPA SOC (System and Organization Controls), NIST Cyber Security Framework, CIS Security Controls is preferred

• An information security/business continuity related certification (CISA/CISM/CISSP/CBCI) is a plus

• Excellent communication and presentation skills, with the ability to convey technical information to non-technical stakeholders.

• Attention to detail and a commitment to accuracy and quality.

• Ability to work independently and collaboratively in a fast-paced, global environment.

• Strong analytical skills with the ability to interpret complex data and identify trends

• Experience with risk management software/platform and tools is desirable.