Digital Third Party Cyber Risk Consultant - Technical Architect

{"description": " Opportunity Overview

Team Overview:

The TECH Digital 3rd party risk and security awareness organization is part of the Edward Jones overall TECH risk management program, which is designed to ensure that the company's information security systems and information assets are adequately protected. The overall TECH Cyber Risk Management Team works proactively with IS and business leaders to implement practices that meet Edward Jones defined policies and standards for information risk management.

What You'll Do:

The Senior Risk and Controls Security Analyst, with an emphasis on cyber law, serves as a key liaison between the Cybersecurity, Legal, and Business units. This position is critical in identifying, evaluating, and mitigating information security risks while ensuring strict adherence to applicable federal and state laws, regulations, and industry standards. The ideal candidate will possess deep technical knowledge of cybersecurity principles and a strong understanding of the legal landscape surrounding data protection and privacy. The associate is responsible for evaluating the security posture and compliance of external vendors to mitigate risks to an organization's data and systems. This role involves assessment, monitoring, and remediation activities throughout the vendor's lifecycle.

• Regulatory Compliance and Legal Alignment: Monitor and interpret cybersecurity laws and regulations, translating them into actionable controls and policies. This role involves collaboration with legal teams on compliance issues and ensuring security documentation reflects current requirements.

• Conduct Assessments: Perform in-depth information security risk assessments of third-party vendors, which may involve reviewing documentation, conducting interviews, and performing technical reviews of security controls (e.g., infrastructure security, access management, application security, physical security).
• Identify and Escalate Risks: Identify security gaps or risks (e.g., vulnerabilities in software supply chain, non-compliance with standards) and effectively communicate these to internal stakeholders and vendor representatives to develop remediation strategies.

• Reporting & Communication: Prepare and present reports on risk and compliance status to various stakeholders and contribute to cybersecurity awareness programs.
• Ensure Compliance: Evaluate third parties against internal policies and external regulatory standards and frameworks such as NIST, ISO 27001, SOC 2, HIPAA, GDPR, and PCI-DSS.
• Partner with Stakeholders: Collaborate with internal teams, including Legal, Procurement, Compliance, and business units, to ensure contract language reflects cyber requirements and to align risk management activities with business objectives.
• Monitor Continuously: Oversee ongoing monitoring of critical and high-risk vendors using various risk intelligence tools and perform periodic reassessments to manage evolving threats

EEO Statement

Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.

Company Description

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500 company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns.

Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.

People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.

View our Purpose, Inclusion and Citizenship Report.

Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.

Awards and Accolades

At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.

Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones

Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones

Position Requirements

What Experience You'll Need:

• Education: A Bachelor's degree in a relevant field is required, and an advanced degree in Cyber Law or a related legal/regulatory field is highly desirable.
• Experience: Requires 5-8 years in information security, risk management, or compliance, particularly in regulated environments.
• Certifications: Professional certifications like CISSP, CISM, CISA, CRISC, are strongly preferred.
• Skills: Essential skills include a strong understanding of regulations (FINRA, NYDFS) and frameworks (NIST, MITRE, CSA), analytical and critical thinking abilities, excellent communication skills for diverse audiences, and the capacity to manage multiple projects and deadlines.

Current INTERNAL home-based associates: While this role is posted as hybrid, if selected and accepted, you may retain your home-based status . Edward Jones intends in good faith to continue offering the role as home-based, though future business or regulatory needs may require on-site work.

**Candidates that live within in a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.**

Salary Information

Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage. Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page.", "salary_raw": "Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short - and long - term disability, basic life, and basic AD&D coverage. Short - and long - term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax - advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page ."}