Vendor Assessor

DeepLight AI is a specialist AI and data consultancy with extensive experience implementing intelligent enterprise systems across multiple industries, with particular depth in financial services and banking. Our team combines deep expertise in data science, statistical modeling, AI/ML technologies, workflow automation, and systems integration with a practical understanding of complex business operations.

DeepLight AI is a specialist AI and data consultancy dedicated to transforming the regional corporate landscape through bespoke, high-impact intelligent systems. Based in the UAE, we partner with organizations across diverse sectors—with a deep-rooted expertise in Financial Services and Banking—to bridge the gap between complex data and actionable business strategy.

At DeepLight, we dont believe in "off-the-shelf" fixes. We deliver tailored AI solutions designed to integrate seamlessly into existing enterprise architectures, ensuring that innovation is both scalable and secure. From building robust data foundations to deploying sophisticated AI platforms, we empower our clients to lead in an increasingly automated world.

The Vendor Assessor (Third-Party Risk & Security) is a critical risk-management position within Deeplight consultancy, embedded directly within a major banking client. The role is responsible for performing comprehensive security, privacy, and technical risk assessments on third-party vendors, cloud service providers, and external software suppliers before they are integrated into the banks ecosystem. Serving as an essential gatekeeper for institutional security, this position ensures that external entities meet the banks rigorous security baselines and financial regulatory compliance mandates, upholding Deeplights standards of thoroughness and professional integrity.

Your responsibilities in this role include:

• Vendor Risk Assessment: Conduct end-to-end cybersecurity and data privacy risk evaluations of third-party vendors, reviewing SOC 2 reports, ISO certifications, penetration test results, and architecture diagrams
• Compliance Validation: Verify that prospective and existing vendors strictly comply with financial services regulations, local banking authority guidelines, and internal information security standards
• Risk Remediation & Tracking: Identify security gaps during assessments, negotiate technical remediation plans with vendor security teams, and track open risks to closure or formal senior sign-off
• Audit Document Maintenance: Produce detailed, defensible risk assessment reports and maintain an accurate ledger of third-party risk profiles to support internal and external regulatory audits
• Stakeholder Coordination: Advise internal procurement teams, business sponsors, and senior risk managers on vendor-related technical risks to enable informed commercial decisions
• Strategic Representation: Represent Deeplight by modeling proactive risk management, objective analytical judgment, and structured communication across all business functions
  
  

• Third-Party Risk Management experience(TPRM): Mastery of TPRM methodologies, vendor risk-tiering structures, and continuous monitoring practices within an enterprise environment
• Deep proficiency in global security and privacy frameworks, including ISO/IEC 27001, NIST SP 800-53, SOC 1/SOC 2 reporting standards, and data protection laws (e.g., GDPR)
• The ability to critically evaluate a vendors network security, application security, cloud controls (AWS/Azure), and disaster recovery protocols
• Capacity to constructively challenge vendor security assertions and guide internal business stakeholders when vendor risks exceed acceptable thresholds
• Exceptional ability to synthesize complex technical findings into clear, objective risk summary reports for senior leadership
• A minimum of 5 years of dedicated experience in cybersecurity auditing, information security risk management, or third-party risk management (TPRM)
• Proven experience executing vendor security assessments within a regulated tier-1 or tier-2 banking institution or financial services environment
• Prior experience in a client-facing professional services or consultancy capacity, managing high-volume assessment pipelines and meeting client service-level agreements
• Documented experience evaluating the security posture of cloud-native infrastructure, software-as-a-service (SaaS) products, and APIs
• It would be great if you also have:
  
  

• Automation Platform Experience: Practical familiarity with enterprise TPRM and GRC platforms (e.g., OneTrust, Archer, ServiceNow, Whistic)
• Supply Chain Security: Conceptual understanding of software supply chain vulnerabilities, open-source dependencies, and automated software bill of materials (SBOM) validation
  
  

• Competitive salary
• Comprehensive personal health insurance
• Visa Sponsorship for the successful individual
• Professional development and certification support
• Subscription reimbursement relating to your role
• Opportunity to work on cutting-edge AI projects
• Monthly Employee Incentive program
• Career advancement opportunities in a rapidly growing AI company