Old Mutual

OM Bank: Third Party Risk Analyst

PayCompetitive
LocationJohannesburg/Gauteng
Employment typeFull-Time

This job is now closed

Apply to similar jobs

  • Job Description

      Req#: JR-68270

      Let's Write Africa's Story Together!

      Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

      Job Description

      The Cyber Security Third-Party Risk Analyst is responsible for evaluating and monitoring the cybersecurity posture of third-party service providers, with a particular focus on SaaS partners. This role is key to ensuring third-party compliance with the organization's cybersecurity requirements and regulatory standards.

      The position sits within the Partner Management function, with a strong dotted-line reporting relationship into the Cyber Security GRC team to ensure alignment with enterprise risk and compliance objectives.

      KEY RESULT AREAS

      Third-Party Security Assessments

      • Conduct initial and annual cybersecurity risk assessments of all critical and high-risk third-party SaaS vendors. Review responses to security questionnaires and evidence of controls (e.g., SOC 2, ISO 27001, penetration test reports).

      Due Diligence & Onboarding

      • Support pre-contract security due diligence for new vendors. Work closely with Legal, Procurement, and Cyber Security to identify and mitigate risks before onboarding.

      Ongoing Monitoring

      • Implement and manage continuous monitoring processes (e.g., security rating platforms, regulatory watchlists) to detect new risks with existing partners. Ensure follow-up on incidents or changes in risk posture.

      Compliance Alignment

      • Align assessments with internal standards and external frameworks such as NIST CSF, CIS Controls, and local regulatory requirements (e.g., SARB, POPIA, GDPR). Maintain evidence for audit readiness.

      Engagement & Collaboration

      • Act as the liaison between Partner Management and Cyber Security. Escalate high-risk findings and support remediation conversations with partners.

      Reporting & Metrics

      • Track third-party risk metrics and report trends and exceptions to the GRC Lead and Partner Management leadership. Maintain a centralized third-party risk register.

      Process Improvement

      • Contribute to maturing the third-party cyber risk management process. Identify automation or tooling opportunities (e.g., TPRM platforms). Maintain assessment templates and documentation.
      • Risk Assessment Completion Rate: Complete 100% of scheduled third-party and cloud risk assessments within the designated timeframes.
      • Risk Mitigation Effectiveness: Achieve a reduction in identified high-risk issues by at least 80% within six months of discovery.
      • Vendor Compliance Rate: Ensure at least 95% of third-party vendors meet the organization’s security requirements.
      • Incident Response Timeliness: Respond to third-party and cloud-related security incidents within the defined SLA (e.g., 4 hours for critical incidents).
      • Audit Readiness: Maintain 100% readiness for internal and external audits with no major findings related to third-party or cloud security controls.
      • Stakeholder Satisfaction: Achieve high satisfaction scores of in performance feedback surveys.

      ROLE REQUIREMENTS

      Education:

      • Bachelor's degree in Information Security, Risk Management, Computer Science, or a related field.

      Certifications (advantageous):

      • CISA, CRISC, CCSK or similar.
      • Familiarity with SOC 2 or ISO 27001 audit requirements.

      Professional Experience:

      • 3 years of experience in cybersecurity, IT risk management, third-party/vendor risk, or IT audit.
      • Proven experience reviewing and assessing the cybersecurity posture of SaaS or cloud-based service providers.
      • Experience conducting or supporting security due diligence and third-party risk assessments.

      Technical Knowledge:

      • Understanding of cybersecurity frameworks (e.g. NIST CSF, CIS Controls, ISO 27001).
      • Familiarity with cloud security concepts and controls, especially for SaaS platforms.
      • Ability to interpret technical documents such as SOC 2 reports, penetration test summaries, and ISO certifications.

      Tooling (advantageous):

      • Experience using third-party risk management tools
      • Exposure to GRC platforms

      Skills

      Adaptive Thinking, Application Development, Computer Literacy, Confidentiality, Data Compilation, Data Compression, Data Controls, Data Modeling, Data Privacy, Data Recovery, Digital Literacy, Gateway Servers, IT Network Security, Probing Questions, Test Case Management

      Competencies

      Action Oriented

      Communicates Effectively

      Cultivates Innovation

      Ensures Accountability

      Manages Complexity

      Nimble Learning

      Optimizes Work Processes

      Persuades

      Education

      Closing Date

      03 July 2025 , 23:59

      The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

      The Old Mutual Story!

  • About the company

      Old Mutual Limited is a pan-African investment, savings, insurance, and banking group.

Notice

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report. NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.

Other job opportunities

third party risk management jobs remote
remote credit risk management careers pittsburgh
bank of america remote jobs
bank remote jobs
remote bank jobs
More information about Old Mutual