Vendor Assessor

About the role

DeepLight AI is a specialist AI and data consultancy with extensive experience implementing intelligent enterprise systems across multiple industries, with particular depth in financial services and banking. Our team combines deep expertise in data science, statistical modeling, AI/ML technologies, workflow automation, and systems integration with a practical understanding of complex business operations. DeepLight AI is a specialist AI and data consultancy dedicated to transforming the regional corporate landscape through bespoke, high-impact intelligent systems. Based in the UAE, we partner with organizations across diverse sectors-with a deep-rooted expertise in Financial Services and Banking-to bridge the gap between complex data and actionable business strategy. At DeepLight, we don't believe in "off-the-shelf" fixes. We deliver tailored AI solutions designed to integrate seamlessly into existing enterprise architectures, ensuring that innovation is both scalable and secure. From building robust data foundations to deploying sophisticated AI platforms, we empower our clients to lead in an increasingly automated world. The Vendor Assessor (Third-Party Risk & Security) is a critical risk-management position within Deeplight consultancy, embedded directly within a major banking client. The role is responsible for performing comprehensive security, privacy, and technical risk assessments on third-party vendors, cloud service providers, and external software suppliers before they are integrated into the bank's ecosystem. Serving as an essential gatekeeper for institutional security, this position ensures that external entities meet the bank's rigorous security baselines and financial regulatory compliance mandates, upholding Deeplight's standards of thoroughness and professional integrity. Your responsibilities in this role include: Vendor Risk Assessment: Conduct end-to-end cybersecurity and data privacy risk evaluations of third-party vendors, reviewing SOC 2 reports, ISO certifications, penetration test results, and architecture diagrams. Compliance Validation: Verify that prospective and existing vendors strictly comply with financial services regulations, local banking authority guidelines, and internal information security standards. Risk Remediation & Tracking: Identify security gaps during assessments, negotiate technical remediation plans with vendor security teams, and track open risks to closure or formal senior sign-off. Audit Document Maintenance: Produce detailed, defensible risk assessment reports and maintain an accurate ledger of third-party risk profiles to support internal and external regulatory audits. Stakeholder Coordination: Advise internal procurement teams, business sponsors, and senior risk managers on vendor-related technical risks to enable informed commercial decisions. Strategic Representation: Represent Deeplight by modeling proactive risk management, objective analytical judgment, and structured communication across all business functions. As an AI consultancy, our greatest asset is the expertise of our people. While technical mastery is the foundation of what we do, the ability to bridge the gap between complex data science and actionable business value is what defines your success with Deeplight. We're looking for individuals who are not only world-class in their fields of specialism, but also compelling communicators and persuasive advocates for their own skills. You will be the face of our firm, tasked with building trust, articulating the "why" behind your technical decisions, and effectively "selling" your vision to high-level stakeholders. If you thrive on the challenge of presenting cutting-edge solutions as much as you do on building them, you will fit right in. We need you to have: Third-Party Risk Management experience(TPRM): Mastery of TPRM methodologies, vendor risk-tiering structures, and continuous monitoring practices within an enterprise environment. Deep proficiency in global security and privacy frameworks, including ISO/IEC 27001, NIST SP 800-53, SOC 1/SOC 2 reporting standards, and data protection laws (e.g., GDPR). The ability to critically evaluate a vendor's network security, application security, cloud controls (AWS/Azure), and disaster recovery protocols. Capacity to constructively challenge vendor security assertions and guide internal business stakeholders when vendor risks exceed acceptable thresholds. Exceptional ability to synthesize complex technical findings into clear, objective risk summary reports for senior leadership. A minimum of 5 years of dedicated experience in cybersecurity auditing, information security risk management, or third-party risk management (TPRM). Proven experience executing vendor security assessments within a regulated tier-1 or tier-2 banking institution or financial services environment. Prior experience in a client-facing professional services or consultancy capacity, managing high-volume assessment pipelines and mee

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Deeplight? Share your experience