This vacancy is archived

Company hidden
1 hour ago

Vendor Assessor (Third-Party Risk & Security)

Work format
onsite
Work type
project
English
b2
Country
UAE

Job description

TL;DR

Vendor Assessor (Third-Party Risk & Security): Perform end-to-end cybersecurity, privacy, and technical risk assessments for third-party vendors, cloud providers, and external software before integration into a bank’s ecosystem, with an emphasis on TPRM methodologies, security/compliance validation, and defensible risk reporting. Focus on evaluating cloud and application security controls, negotiating remediation plans, and tracking risks to closure for senior leadership decision-making.

Location: Abu Dhabi, United Arab Emirates; Dubai, United Arab Emirates (On-site)

Company

hirify.global is a specialist AI and data consultancy delivering tailored intelligent systems, with deep expertise in financial services and banking.

What you will do

  • Conduct end-to-end vendor risk assessments covering cybersecurity and data privacy, including review of SOC 2 reports, ISO certifications, penetration test results, and architecture diagrams.
  • Validate vendor compliance with financial services regulations, local banking authority guidelines, and internal information security standards.
  • Identify security gaps, negotiate technical remediation plans with vendor security teams, and track open risks to closure or formal senior sign-off.
  • Produce detailed, defensible third-party risk assessment reports and maintain an accurate ledger of vendor risk profiles for regulatory audits.
  • Advise procurement teams, business sponsors, and senior risk managers on technical vendor risks to support informed commercial decisions.
  • Represent DeepLight through proactive, objective risk analysis and structured communication across business functions.

Requirements

  • 5+ years of dedicated experience in cybersecurity auditing, information security risk management, or third-party risk management (TPRM).
  • Mastery of TPRM methodologies, vendor risk-tiering structures, and continuous monitoring practices in an enterprise environment.
  • Strong knowledge of security and privacy frameworks including ISO/IEC 27001, NIST SP 800-53, SOC 1/SOC 2 reporting standards, and data protection laws (e.g., GDPR).
  • Ability to evaluate vendor network security, application security, cloud controls (AWS/Azure), and disaster recovery protocols.
  • Experience executing vendor security assessments in a regulated tier-1 or tier-2 banking/financial services environment.
  • Client-facing professional services/consultancy experience managing high-volume assessment pipelines and meeting service-level agreements.

Nice to have

  • Professional certifications such as CISA, CRISC, CISM, or CISSP.
  • Experience with enterprise TPRM/GRC platforms (e.g., OneTrust, Archer, ServiceNow, Whistic).
  • Knowledge of software supply chain vulnerabilities, open-source dependencies, and SBOM validation.

Culture & Benefits

  • Competitive salary and comprehensive personal health insurance.
  • Visa sponsorship for the successful individual.
  • Professional development and certification support, plus subscription reimbursement related to the role.
  • Monthly employee incentive program and career advancement opportunities in a rapidly growing AI company.
  • Opportunity to work on cutting-edge AI projects.

Hiring process

  • Application and interview process designed to be accessible, predictable, and fair.
  • Reasonable adjustments can be requested for the application/interview process.