hero

Memphis Job Opportunities

42
companies
511
Jobs

Senior Security Analyst, Third Party Vendor Risk

Raymond James Financial

Raymond James Financial

IT
St. Petersburg, FL, USA · Southfield, MI, USA · Memphis, TN, USA
Posted on Oct 22, 2024
Senior Security Analyst, Third Party Vendor Risk -2403421

Description

This position follows our hybrid-friendly schedule, so you get the best of both worlds – flexibility and collaboration. In office days will be 2-3 per week averaging 10-12 days per month in one of the following Corporate Office locations: St. Petersburg, FL; Southfield, MI; Memphis, TN.

Job Summary:
Raymond James Financial is celebrating over 60 years of client-first service in the financial industry and is looking to add a new member to our growing IT Vendor Risk Management (VRM) team. You will be working with a motivated team of multi-faceted individuals working to ensure the protection of the company and our clients’ data from third-party threats by assessing the security controls of our vendors and contractors. As a member of the IT VRM team, you will join a team dedicated to risk identification and management that has the opportunity to collaborate with all areas of the company, including our international teams, to help prevent third-party attacks before they are introduced to our environment. This team is exposed to new technologies, business concepts, and team daily, which makes it the perfect team for you as a motivated, self-driven, well-communicated, eager to learn individual.

As a valued member of the team, you will conduct information security Vendor Risk Assessments (VRA) on all in-scope third-party requests from all facets of RJF. You will be a lead individual offering mentorship and experience to the remainder of the team. You will operate as a Senior Analyst on this team and will be the focal point for Business Units and Branches to provide support and direction in the Information Security of our suppliers.

You will have the opportunity to provide support and guidance towards the SRM BCP, VRM PCI DSS Third Party compliance matrix, IAM requirements, SharePoint administration, and Tableau reporting metrics.

Essential Duties and Responsibilities:
• Communicate at all levels and with all business units in providing support in the onboarding of third-party vendors with respect to the assessment of Information Security networks of a chosen vendor
• Create and manage relationships with business units and stakeholders of the Vendor Risk Management process of Third Party Information Security
• Act as the focal point for Information Technology Business Continuity Plans and Disaster Recovery events
• Where required, create Threat Based Risk Assessments for the Vendor Risk Assessment function
• Understand, and be familiar with PCI DSS requirements and assist in obtaining Attestation of Compliance from respective vendors in our inventory

Qualifications

Knowledge, Skills, and Abilities:
Knowledge of:
IT controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
• Recognized IT control frameworks and standards (e.g., COBIT, ITIL, CRI, and ISO 17799).
• Accepted industry audit and control standards (e.g., AICPA, ISACA).
• State and federal information protection and control-related legislation (e.g., GLBA, SOXA 404, SB 1386, HIPAA, etc.).
• International protection and control-related legislation (e.g., GDPR, Quebec Law 25, etc.).
Skill in:
• Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).
Ability to:
• Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
• Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
• Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.
• Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.
• Develop and use collaborative relationships to facilitate the accomplishment of work goals.
• Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.
• Must be self driven and maintain critical thinking when problem solving or overcoming business challenges.
• Must be comfortable working both independently and in a team environment.
• Occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.

Education/Previous Experience:
• Typically requires a Bachelor's degree in Computer Science, Information Systems, Cyber Intelligence, Business Administration or related degree and three to five (3-5) years of relevant experience or combination of education, training and experience.
• The successful candidate must also have experience in Continuation of Business, incorporating Disaster Recovery and Business Continuity Planning
• Must be comfortable communicating, influencing, and negotiating with senior leadership and stakeholders on a regular basis.
• Must have knowledge of project management, and business processes, preferably in the financial sector.
• The successful candidate should also have a base knowledge of financial regulatory requirements such as SEC, FINRA, OCC, FFIEC, and or SOX.

Licenses/Certifications:
• Security+, GCCC, or equivalent industry certification required
• CISSP, CSIM, CISA, or relevant comparative certification preferred but not required

Raymond James Guiding Behaviors

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.


We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcomes
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm

At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.

Job

Technology

Primary Location

US-FL-St. Petersburg-Saint Petersburg

Other Locations

US-TN-Memphis-Memphis, US-MI-Southfield-Southfield

Organization

Technology

Schedule

Full-time

Shift

Day Job

Travel

No
#LI-EB1