IT Vendor Risk Management

  • Wrocław, Lower Silesian Voivodeship
  • Specialist
  • Full-time
  • 08.08.2019
  • Valid for 13 more days (until 07.09.2019)

    The employer has the right to end the recruitment at an earlier date.

    Credit Suisse is a leading global wealth manager with strong investment banking capabilities. Headquartered in Zurich, Switzerland, we have a global reach with operations in about 50 countries and employ more than 45,000 people from over 150 different nations. Embodying entrepreneurial spirit, Credit Suisse delivers holistic financial solutions to our clients, including innovative products and specially tailored advice. Striving for quality and excellence in our work, we recognize and reward extraordinary performance among our employees, provide wide-ranging training and development opportunities, and benefit from a diverse range of perspectives to create value for our clients, shareholders and communities. We are Credit Suisse.
    IT Vendor Risk Management # 137680
    Workplace: Wrocław


    We are seeking a Vendor risk manager to ensure that his or her organization's vendor ecosystem is evaluated, assessed and handled to minimize risk exposure and risk impacts to the business.

    The vendor risk manager's responsibility is to anticipate, identify, monitor and mitigate risks associated with third-party vendors. Vendor risk management will include working with the central Third Party Risk Management (TPRM) team to assess how GCTO can use current information to understand its vendor risk. In addition, you will be compiling data and completing documentation related to vendor risk, as well as ensuring that any issues are appropriately captured, reviewed and mitigated to acceptable levels.

    Primary Responsibilities and Activities

    • You will need to oversee the identification and ranking of vendor risks.
    • Build communication and escalation plans around vendor risk management activities within the enterprise.
    • Manage the gathering of vendor risk assessment data and prepare risk assessments for critical-related vendors as needed, to be published and communicated to partners.
    • Track identified risks and risk events.
    • Partner with sourcing and vendor relationship/contract management functions to manage vendor behavior.
    • Collaborate as appropriate with information security, compliance and/or disaster recovery and business continuity management to maintain an enterprise risk management program.
    • Communicate identified risk requirements and violations to internal partners (and end users within the business) and responsible vendors while supporting the response to and addressing of these issues.
    • Learn and understand how vendor risks are assessed and mitigated by peer organizations, and bring successful practices to GCTO.
    • Work with service owners to develop contingency plans for GCTO's critical vendors/Tech Partners to reduce service disruption.
    • Understand external factors that might impact GCTO’s vendors, such as regulatory constraints, change in accounting rules, M&As, etc., and that might accelerate the development of vendor risk. Mature vendor risk management discipline that examines the key risk elements.
    • Craft a vendor dependency matrix that identifies vendor interdependencies and risks associated with it.
    • A department which values Diversity and Inclusion (D&I) and is committed to realizing the firm’s D&I ambition which is an integral part of our global Conduct and Ethics Standards.

    How will we evaluate success?

    • GCTO Vendor dependency matrix is built and maintained
    • TPRM process is clearly understood, and internal stakeholders are supported in navigating the process successfully


    Education and Training

    • You will ideally have a Bachelor's degree in business, computer science, data analytics or related field.
    • Desired professional qualifications may include:
        • Certification in Risk Management Assurance (CRMA)
        • Certified Information Systems Auditor (CISA)
        • Certified Information Systems Security Professional (CISSP)


    • You will have a minimum of three to five years of experience in handling risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risk
    • You are required to have a technical background or demonstrable understanding of a range of operational and IT risks and operations is desirable
    • You have a strong business background; experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns
    • Deep understanding of complex vendor risk-related issues through demonstrated experience handling vendor relationships, information security or regulatory compliance programs, and audits

    Required Knowledge and Skill

    • You should possess excellent knowledge of IT, operational, security and legal risk concepts
    • Experience with compliance and security audits, and risk mitigation plans
    • Familiarity with vendor management and governance concepts
    • Experience with vendor risk management applications and services
    • Previous experience developing and completing vendor risk assessments for enterprise vendors
    • Familiarity with local/regional/global industry and government regulations (for example: Sarbanes-Oxley Act, Payment Card Industry Security [PCI] Standards, Health Insurance Portability and Accountability Act [HIPAA])
    • You will benefit from prior experience influencing third parties and handling vendor relationships
    • You should have a deep understanding of financial concepts and a range of technologies and tools (for example: financial rating services, security rating services, integrated risk management platforms, vendor risk management platforms, etc.) that will aid in the evaluation of the financial and operational risk associated with incumbent and potential suppliers
    • Industry certifications relating to security and risk management are desirable (for example, CRMA, CISA, CISSP)

    Key Behaviors and Competencies

    • You will need a strong social and interpersonal aptitude
    • You have the ability to understand the implications and impacts of technical issues and processes in the context of information security and risk management
    • Strong dispute resolution and mediation skills directed toward driving positive outcomes for involved parties
    • You require a good ability to communicate complex issues in a language understood by business leaders across multiple disciplines (such as business, IT and security) within an organization
    • High level of personal integrity and proven willingness to call out and act on issues
    • Understands the value of diversity in the workplace and is dedicated to fostering an inclusive culture in all aspects of working life so that people from all backgrounds receive equal treatment, realize their full potential and can bring their full, authentic selves to work. This should be further elaborated on in your application.

    Our benefits

    • Private medical care
    • Life insurance
    • Pension plan
    • Charity days
    • Training and development
    • Internal Mobility

    Other optional

    • Language training course
    • Mentoring
    • Family – nursery and kindergarten funding, gift vouchers for Christmas
    • Parking allowance
    • Health promotion: Multisport card, sporting events and groups within Credit Suisse (skiing trips, football team, running team, tennis training course etc.)
    • Employee discounts on various products and services (event tickets, consumer products, etc.)
    • Relocation package
    • Employee Referral Program
    • Flexible work schedule and working from home (home office)

    Credit Suisse is an equal opportunity employer. Welcoming diversity gives us a competitive advantage in the global marketplace and drives our success.