GRC Supplier Risk Manager
@ Confidential

Lod, Center District, Israel
₪250,000
On Site
Full Time
Posted 23 days ago

Job Details

Overview

The GRC Supplier Risk Manager role is in the Cyber department of a financial institution in the central region. The position focuses on managing cyber risks in the supply chain, sending questionnaires to suppliers, tracking the remediation of vulnerabilities, obtaining supplier signatures on documents, and ensuring supplier compliance with the bank’s information security requirements.

Responsibilities

  • Manage cyber risks in the supply chain.
  • Send and follow up on supplier questionnaires.
  • Monitor and track corrective actions for identified issues.
  • Obtain supplier signatures on compliance documents.
  • Conduct AM surveys, work on contracts, and liaise with various bank departments.
  • Work primarily on-site at the bank with occasional supplier visits.

Collaboration

You will work closely with teams from infrastructure, architecture, communications, business units, compliance, legal, suppliers, and technology companies in a regulated, security standards-driven environment.

Requirements

  • Minimum 3 years of experience in information security and cyber.
  • Familiarity with supply chain risks: cyber, financial, operational, technological, and regulatory.
  • Experience dealing with and assessing suppliers.
  • Knowledge of regulatory requirements such as the Privacy Protection Law, Bank of Israel mandates, PCI-DSS, SOX, ISO27001, SOC2, etc. (advantageous).
  • Relevant IT and information security certifications (e.g., CSMP Cyber Security, GRC) are advantageous.
  • Familiarity with cyber supply chain questionnaires or automated systems is a plus.

Key skills/competency

  • Cybersecurity
  • Risk Management
  • Compliance
  • Supply Chain
  • Information Security
  • Questionnaires
  • Regulation
  • Contracts
  • Audits
  • Financial Sector

How to Get Hired at Confidential

🎯 Tips for Getting Hired

  • Customize your resume: Align skills with cyber risk and supply chain management.
  • Highlight certifications: Emphasize CSMP, GRC, and related qualifications.
  • Demonstrate compliance expertise: Detail experience with regulatory frameworks.
  • Prepare for behavioral interviews: Practice supplier management and conflict resolution examples.

📝 Interview Preparation Advice

Technical Preparation

  • Review cyber risk frameworks and standards.
  • Study supply chain risk assessment methods.
  • Refresh knowledge on banking regulations.
  • Learn supplier compliance questionnaire systems.

Behavioral Questions

  • Describe handling supplier conflict scenarios.
  • Explain collaboration with diverse teams.
  • Share experiences in regulatory compliance.
  • Discuss managing multiple stakeholder expectations.
