Vendor Assessor

DeepLight AI is a specialist AI and data consultancy with extensive experience implementing intelligent enterprise systems across multiple industries, with particular depth in financial services and banking. Our team combines deep expertise in data science, statistical modeling, AI/ML technologies, workflow automation, and systems integration with a practical understanding of complex business operations.

DeepLight AI is a specialist AI and data consultancy dedicated to transforming the regional corporate landscape through bespoke, high-impact intelligent systems. Based in the UAE, we partner with organizations across diverse sectors—with a deep-rooted expertise in Financial Services and Banking—to bridge the gap between complex data and actionable business strategy.

At DeepLight, we don't believe in "off-the-shelf" fixes. We deliver tailored AI solutions designed to integrate seamlessly into existing enterprise architectures, ensuring that innovation is both scalable and secure. From building robust data foundations to deploying sophisticated AI platforms, we empower our clients to lead in an increasingly automated world.

The Vendor Assessor (Third-Party Risk & Security) is a critical risk-management position within Deeplight consultancy, embedded directly within a major banking client. The role is responsible for performing comprehensive security, privacy, and technical risk assessments on third-party vendors, cloud service providers, and external software suppliers before they are integrated into the bank's ecosystem. Serving as an essential gatekeeper for institutional security, this position ensures that external entities meet the bank's rigorous security baselines and financial regulatory compliance mandates, upholding Deeplight’s standards of thoroughness and professional integrity.

Your responsibilities in this role include:

• Vendor Risk Assessment: Conduct end-to-end cybersecurity and data privacy risk evaluations of third-party vendors, reviewing SOC 2 reports, ISO certifications, penetration test results, and architecture diagrams.
• Compliance Validation: Verify that prospective and existing vendors strictly comply with financial services regulations, local banking authority guidelines, and internal information security standards.
• Risk Remediation & Tracking: Identify security gaps during assessments, negotiate technical remediation plans with vendor security teams, and track open risks to closure or formal senior sign-off.
• Audit Document Maintenance: Produce detailed, defensible risk assessment reports and maintain an accurate ledger of third-party risk profiles to support internal and external regulatory audits.
• Stakeholder Coordination: Advise internal procurement teams, business sponsors, and senior risk managers on vendor-related technical risks to enable informed commercial decisions.
• Strategic Representation: Represent Deeplight by modeling proactive risk management, objective analytical judgment, and structured communication across all business functions.As an AI consultancy, our greatest asset is the expertise of our people.
While technical mastery is the foundation of what we do, the ability to bridge the gap between complex data science and actionable business value is what defines your success with Deeplight.
We're looking for individuals who are not only world-class in their fields of specialism, but also compelling communicators and persuasive advocates for their own skills.
You will be the face of our firm, tasked with building trust, articulating the "why" behind your technical decisions, and effectively "selling" your vision to high-level stakeholders.
If you thrive on the challenge of presenting cutting-edge solutions as much as you do on building them, you will fit right in.

Requirements

We need you to have:

• Third-Party Risk Management experience(TPRM): Mastery of TPRM methodologies, vendor risk-tiering structures, and continuous monitoring practices within an enterprise environment.
• Deep proficiency in global security and privacy frameworks, including ISO/IEC 27001, NIST SP 800-53, SOC 1/SOC 2 reporting standards, and data protection laws (e.g., GDPR).
• The ability to critically evaluate a vendor's network security, application security, cloud controls (AWS/Azure), and disaster recovery protocols.
• Capacity to constructively challenge vendor security assertions and guide internal business stakeholders when vendor risks exceed acceptable thresholds.
• Exceptional ability to synthesize complex technical findings into clear, objective risk summary reports for senior leadership.
• A minimum of 5 years of dedicated experience in cybersecurity auditing, information security risk management, or third-party risk management (TPRM).
• Proven experience executing vendor security assessments within a regulated tier-1 or tier-2 banking institution or financial services environment.
• Prior experience in a client-facing professional services or consultancy capacity, managing high-volume assessment pipelines and meeting client service-level agreements.
• Documented experience evaluating the security posture of cloud-native infrastructure, software-as-a-service (SaaS) products, and APIs.
• It would be great if you also have:

Professional Certifications: Relevant designations such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISM, or CISSP.
• Automation Platform Experience: Practical familiarity with enterprise TPRM and GRC platforms (e.g., OneTrust, Archer, ServiceNow, Whistic).
• Supply Chain Security: Conceptual understanding of software supply chain vulnerabilities, open-source dependencies, and automated software bill of materials (SBOM) validation.Benefits

The benefits you'll enjoy as part of this role include:

• Competitive salary
• Comprehensive personal health insurance
• Visa Sponsorship for the successful individual
• Professional development and certification support
• Subscription reimbursement relating to your role
• Opportunity to work on cutting-edge AI projects
• Monthly Employee Incentive program
• Career advancement opportunities in a rapidly growing AI company
This position offers a unique opportunity to shape the future of AI implementation while working with a talented team of professionals at the forefront of technological innovation. The successful candidate will play a crucial role in driving our company's success in delivering transformative AI solutions to our clients.

At DeepLight AI, we recognise that diversity drives innovation. We are committed to fostering an inclusive environment where individuals with different thinking styles can thrive and contribute their unique strengths to our specialised AI and data solutions.

Our goal is to ensure our application and interview process is accessible, predictable, and fair for all candidates.

If you require any specific adjustments to the application process, or if you require any reasonable adjustments should you be successful in being processed to the interview stage, please do let us know. This information will be kept strictly confidential and will not impact hiring decisions.