Security Analyst, Third Party Vendor Risk

Saint Petersburg, Florida


Employer: Raymond James Financial Incorporated
Industry: Technology
Salary: Competitive
Job type: Full-Time

This position will follow our hybrid work model; we expect the selected candidate to be in office 2-3 days a week at one of the following Corporate Office locations: St. Petersburg, FL, Memphis, TN, or Southfield, MI.

Job Summary:

Raymond James Financial is celebrating over 60 years of client-first service in the financial industry and is looking to add a new member to our growing IT Vendor Risk Management (VRM) team. You will be working with a motivated team of multi-faceted individuals working to ensure the protection of the company and our clients' data from third-party threats by assessing the security controls of our vendors and contractors. As a member of the IT VRM team, you will join a team dedicated to risk identification and management that has the opportunity to collaborate with all areas of the company, including our international teams, to help prevent third-party attacks before they are introduced to our environment. This team is exposed to new technologies, business concepts, and teams daily, which makes it the perfect team for you as a motivated, self-driven, communicative, eager-to-learn individual. As a valued member of the team, you will conduct information security Vendor Risk Assessments (VRA) on all in-scope third-party requests from all facets of RJF. You will be a lead individual offering mentorship and experience to the remainder of the team. You will operate as an Analyst on this team and will be the focal point for Business Units and Branches to provide support and direction in the Information Security of our suppliers.

You will have the opportunity to provide support and guidance towards the VRM PCI DSS Third Party compliance matrix, IAM requirements, SharePoint administration, and Tableau reporting metrics.

Essential Duties and Responsibilities:

• Communicate at all levels and with all business units in providing support in the onboarding of third-party vendors with respect to the assessment of Information Security networks of a chosen vendor

• Create and manage relationships with business units and stakeholders of the Vendor Risk Management process of Third Party Information Security

• Where required, create Threat Based Risk Assessments for the Vendor Risk Assessment function

• Understand and be familiar with PCI DSS requirements, and assist in obtaining Attestation of Compliance from respective vendors in our inventory

Qualifications:

Knowledge, Skills, and Abilities:

Knowledge of:

• IT controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.

• Recognized IT control frameworks and standards (e.g., COBIT, ITIL, CRI, and ISO 17799).

• Accepted industry audit and control standards (e.g., AICPA, ISACA).

• State and federal information protection and control-related legislation (e.g., GLBA, SOXA 404, SB 1386, HIPAA, etc.).

• International protection and control-related legislation (e.g., GDPR, Quebec Law 25, etc.).

Skill in:

• Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).

Ability to:

• Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.

• Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.

• Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.

• Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remain current with developments and trends in areas of expertise.

• Develop and use collaborative relationships to facilitate the accomplishment of work goals.

• Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.

• Must be self-driven and maintain critical thinking when problem solving or overcoming business challenges.

• Must be comfortable working both independently and in a team environment.

• Occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.



Education/Previous Experience:

• Minimum of a Bachelor's degree in Computer Science, MIS, Business or related degree and 1-2 years of relevant experience or a combination of education, training and experience as approved by Human Resources.

• Must be comfortable communicating, influencing, and negotiating with senior leadership and stakeholders on a regular basis.

• Must have knowledge of project management and business processes, preferably in the financial sector.

• The successful candidate should also have a base knowledge of financial regulatory requirements such as SEC, FINRA, OCC, FFIEC, and/or SOX.



Licenses/Certifications:

• Security+, CISSP, CISM, CISA, or GCCC certification preferred but not required

• The selected candidate will be expected to obtain the GCCC and Security+ within 1 year of joining. This will be company funded.

Raymond James Guiding Behaviors

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.

We expect our associates at all levels to:

• Grow professionally and inspire others to do the same

• Work with and through others to achieve desired outcomes

• Make prompt, pragmatic choices and act with the client in mind

• Take ownership and hold themselves and others accountable for delivering results that matter

• Contribute to the continuous evolution of the firm

Created: 2024-06-16
Reference: 2401982
Country: United States
State: Florida
City: Saint Petersburg