Cybersecurity Third Party Senior Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science or related field or equivalent education and related training
• Eight years of experience in Cybersecurity or related work
• Broad knowledge of general IT with mastery of one or more of the following areas: operating systems, networking, computer programing, web development or database administration
• Demonstrated advanced knowledge of cyber security operations with mastery of one or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT), insider), vulnerabilities, and exploits; incident response, investigations and remediation
• Experience with systems for automated threat intelligence sharing using industry standard protocols, such as Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indication Information (TAXII)
• Advanced knowledge of processes, procedures and methods to research, analyze and disseminate threat intelligence information
• Ability to lead and persuade individuals and large teams on ideas, concepts and opportunities

Nice To Haves

• Master’s degree or MBA and seven (7+) years of experience or an equivalent combination of education and work experience in Information Security banking.
• Strong knowledge on cybersecurity risks, frameworks, best practices, and industry/regulatory requirements.
• Knowledge and experience in use of cyber security frameworks in assessing programs.
• Experience conducting, preparing, and presenting analysis, findings, and recommendations.
• Bachelor's degree in business administration, technology related field or equivalent education and related training.
• Excellent ability to express complex multi-disciplinary technical and business concepts in terms that are understandable to all levels of Lines of Business and corporate management both verbally and in writing.
• Experience in security architecture reviews, third-party/vendor risk, and threat modeling.
• Ability to read diagrams, detect weak trust boundaries, challenge unsafe designs diplomatically, and build repeatable processes.
• Strong understanding of cloud architectures (AWS/Azure/GCP), VPN, IAM, OAuth, API security, and SaaS integrations.
• Cyber security certifications such as CISA, CISSP
• Other technical Certifications (e.g., CCNA, RHCE, MCSE, etc.)

Responsibilities

• Evaluate security risks for VPN access, cloud integrations, API connections, and SaaS apps.
• Assess authentication, authorization, network segmentation, and trust boundaries.
• Identify excessive access, weak authentication, insecure patterns, and single points of failure.
• Maintain consistent classification of high-risk integrations and critical vendor access.
• Review and approve/deny new vendor connection requests and modifications.
• Partner with business and engineering teams to understand use cases, recommend safer patterns, and propose compensating controls.
• Advise Procurement, Vendor Risk, Application, and Cloud teams on technical risks.
• Translate technical findings into business risk statements and remediation actions.
• Support contractual security requirements and risk acceptance documentation.
• Refine vendor risk processes to move beyond questionnaires and annual reviews.
• Provide risk-based guidance rather than binary approvals.
• Introduce architecture-based risk reviews and threat-model-informed assessments.
• Define standard secure integration patterns, risk thresholds, and escalation criteria.
• Validate network, IAM, and monitoring controls for vendor connections.
• Partner with SOC and Detection Engineering to ensure high-risk connections are monitored.
• Coordinate with third party risk management, incident response, and infrastructure teams to validate threats, contain incidents, and recommend remediation steps.
• Monitor external threat intelligence and vendor security events to assess potential organizational impact.
• Identify and document abuse cases and attack paths involving external parties and publicly exposed assets.
• Translate technical findings into business risk and remediation recommendations.

Benefits

• medical
• dental
• vision
• life insurance
• disability
• accidental death and dismemberment
• tax-preferred savings accounts
• 401k plan
• vacation
• sick days
• paid holidays
• defined benefit pension plan
• restricted stock units
• deferred compensation plan