Digital Third Party Cyber Risk Consultant - Technical Architect

Edward Jones•Saint Louis, MO

66d•Hybrid

About The Position

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns. Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging. People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career. The TECH Digital 3rd party risk and security awareness organization is part of the Edward Jones overall TECH risk management program, which is designed to ensure that the company's information security systems and information assets are adequately protected. The overall TECH Cyber Risk Management Team works proactively with IS and business leaders to implement practices that meet Edward Jones defined policies and standards for information risk management. The Senior Risk and Controls Security Analyst, with an emphasis on cyber law, serves as a key liaison between the Cybersecurity, Legal, and Business units. This position is critical in identifying, evaluating, and mitigating information security risks while ensuring strict adherence to applicable federal and state laws, regulations, and industry standards. The ideal candidate will possess deep technical knowledge of cybersecurity principles and a strong understanding of the legal landscape surrounding data protection and privacy. The associate is responsible for evaluating the security posture and compliance of external vendors to mitigate risks to an organization's data and systems. This role involves assessment, monitoring, and remediation activities throughout the vendor's lifecycle.

Requirements

Education: A Bachelor's degree in a relevant field is required, and an advanced degree in Cyber Law or a related legal/regulatory field is highly desirable.
Experience: Requires 5-8 years in information security, risk management, or compliance, particularly in regulated environments.
Certifications: Professional certifications like CISSP, CISM, CISA, CRISC, are strongly preferred.
Skills: Essential skills include a strong understanding of regulations (FINRA, NYDFS) and frameworks (NIST, MITRE, CSA), analytical and critical thinking abilities, excellent communication skills for diverse audiences, and the capacity to manage multiple projects and deadlines.

Responsibilities

Regulatory Compliance and Legal Alignment: Monitor and interpret cybersecurity laws and regulations, translating them into actionable controls and policies. This role involves collaboration with legal teams on compliance issues and ensuring security documentation reflects current requirements.
Conduct Assessments: Perform in-depth information security risk assessments of third-party vendors, which may involve reviewing documentation, conducting interviews, and performing technical reviews of security controls (e.g., infrastructure security, access management, application security, physical security).
Identify and Escalate Risks: Identify security gaps or risks (e.g., vulnerabilities in software supply chain, non-compliance with standards) and effectively communicate these to internal stakeholders and vendor representatives to develop remediation strategies.
Reporting & Communication: Prepare and present reports on risk and compliance status to various stakeholders and contribute to cybersecurity awareness programs.
Ensure Compliance: Evaluate third parties against internal policies and external regulatory standards and frameworks such as NIST, ISO 27001, SOC 2, HIPAA, GDPR, and PCI-DSS.
Partner with Stakeholders: Collaborate with internal teams, including Legal, Procurement, Compliance, and business units, to ensure contract language reflects cyber requirements and to align risk management activities with business objectives.
Monitor Continuously: Oversee ongoing monitoring of critical and high-risk vendors using various risk intelligence tools and perform periodic reassessments to manage evolving threats

Benefits

Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage.
Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates.
Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account.
Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism.
Associates may be eligible for bonuses and profit sharing.
All associates are eligible for the firm's Employee Assistance Program.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume