Commercial Bank #011
Performs complex risk assessments of applications, infrastructure, business and technology vendors against a defined risk framework.
Assessments are conducted either through a formalized risk assessment program or through other risk reporting activities (e.g., policy exceptions, risk acceptance).
Provides primary support for vendor attestation documentation review.
Provides specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate third party risks.
Enhances IT/IS risk assessment framework, maintains and improves control and threat library.
Vulnerability assessments and any other relevant areas and support Vendor Risk Management group in performing third party service providers due diligence.