Deputy Vice President - Vendor Security Risk Governance

About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture 
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose 

Responsible for establishing and enhancing the framework for evaluating vendor risk and processes to support third party due diligence, risk assessment and ongoing monitoring.

The role is also responsible for leading SBIC third party risk strategy, ensuring adequate resources are align to processes to support due diligence, risk assessment and ongoing monitoring, ensuring inherent risks and control gaps are accurately identified and remediated in timely manner.

Role Accountability 

1. Manage risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle as part of SBIC’s Vendor Risk Management Program (VRMP)
2. Lead vendor risk assessment program to ensure that organizational security risks are identified and appropriately mitigated
3. Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are reviewed periodically from information security perspective
4. Actively identify, prioritize and pursue opportunities to enhance SBIC’s third party risk management processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness
5. Oversee vendor risk assessments from information security perspective using ISO27001, PCI DSS, NIST framework to meet the organization standards 
6. Monitor and report status of open observations and remedial efforts to SBI Card leadership
7. Define, monitor and report KRIs/ SLAs pertaining to VRM, while ensuring tight integration with the Sourcing processes
8. Represent Third Party Risk in Sourcing, Risk or organization-wide working groups and committees
9. Monitor vendor compliance, undertake extensive vendor evaluations from information security perspective and then make active recommendations to the business / vendor to mitigate the risks and provide risk based clauses for the agreements with the vendor
10. Work with the appropriate business users and experts, ensure that for any identified risk that require mitigating action, including vendor disengagement, a plan is developed and executed that indicates the process and/or service involved, the outgoing vendor, the replacement vendor, the anticipated timeline, measurable milestones, expected completion date and the plan for contingencies
11. Act as a subject matter expert to assist the business in identifying and mitigating risks on their vendor relationships
12. Deliver continuous training and awareness to Business partners on vendor risk
13. Proactively engage on opportunities to work with the business to educate stakeholders on the Third Party Risk Management program
14. Ensure process documentation and compliance adherence

Measures of Success 

1. Successful closure of vendor risk assessments within the agreed timelines
2. Increase in maturity of vendor risk  Programs (Adoption & Capabilities)
3. Timely and accurate development and maturing of the Vendor risk profiling of SBI Card
4. Timely and accurate delivery of updates, presentations, assessment reports etc. to relevant stakeholders
5. Alignment of Third-Party Risk Management Program with regulatory requirements
6. Timely monitoring and reporting of KRIs/ SLAs pertaining to VRM
7. Timely and accurate publication of MIS/ business dashboards 
8. Process Adherence as per MOU

Technical Skills / Experience / Certifications

1. Industry-standard certifications such as ISO27001 LA, CEH, CCNA, CISSP, MCP etc.
2. Knowledge of contract terms and conditions
3. Understanding of the inherent risks associated with engaging suppliers to perform services and support projects/initiatives 
4. Knowledge of common assessment control techniques
5. Knowledge of analytic techniques and methods
6. Understanding of security controls from a people, process and technology perspective
7. Should be familiar with PCI-DSS framework
8. Experience managing service providers/supplier relationships

Competencies critical to the role

1. Detail Orientation
2. Process Orientation 
3. Stakeholder Management
4. Influencing skills

Qualification 

Bachelor’s Degree in Computer Science / Information Security related areas

Preferred Industry

FSI