Third-Party Cyber Risk Engineer III

About The Position

Requirements

• 5+ years of experience in cybersecurity, security engineering, or third‑party/vendor risk management, ideally within a regulated industry.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
• Entry level to intermediate knowledge of general Financial Services or Banking is preferred.
• Solid understanding of authentication protocols SAML, SSO, and LDAP.
• Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
• Intermediate to advanced understanding of logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
• Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
• Intermediate to advanced knowledge of NIST, MITRE and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform etc.
• Strong technical skills across cloud and application security, IAM/Zero Trust, network and endpoint security, and data protection.
• Experience applying AI and automation (e.g., Power Automate) to improve workflows such as evidence analysis, document review, task execution, and reporting; additional experience building analytics using Power BI preferred.
• Knowledge of AI/ML security risks—including LLM governance, data‑ingestion controls, model‑risk considerations—and experience reviewing SOC reports, automated assessment outputs, and technical evidence.
• Working knowledge of security frameworks such as ISO 27001/27002, NIST CSF, NIST SP 800‑53, SOC reporting, and SIG/SCA.
• Strong communication, organization, and attention‑to‑detail skills, with the ability to manage multiple assessments and cross‑functional deadlines.
• Relevant certifications (CISA, CRISC, CISM, CISSP, CTPRP) required.

Nice To Haves

• Experience with vendor‑risk and security platforms (e.g., ServiceNow, SecurityScorecard, ProcessUnity, Recorded Future) preferred.

Responsibilities

• Perform technical cybersecurity assessments of third‑party vendors, including cloud security, IAM, application and data security, network security, security governance, and incident response capabilities.
• Evaluate evidence and due‑diligence materials, including automated assessment outputs, SOC reports, penetration tests, policies, procedures, and AI‑related documentation, ensuring accuracy and completeness.
• Manage identified cyber risks using a risk‑based approach, documenting control gaps and monitoring remediation through the third‑party lifecycle.
• Develop and implement automation, dashboards, and AI‑enabled enhancements to improve assessment efficiency, evidence analysis, and overall program operations.
• Support incident response involving third parties and help secure SaaS platforms by configuring monitoring tools, advising business teams, and driving remediation of compliance issues.
• Produce clear technical findings and executive‑level reporting, and communicate risks with internal stakeholders and external vendors.
• Maintain and improve program documentation, including policies, standards, and procedures.
• Coordinate with SMEs to develop accurate, timely responses to due‑diligence inquiries from customers, rating agencies, and prospective clients, reflecting the Bank’s security posture.

Benefits

• We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program.
• In addition, you’ll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!