Senior Security Analyst, Third Party Vendor Risk in St. Petersburg, FL at honor foundations

Date Posted: 10/21/2024

Job Snapshot

Job Description

This position follows our hybrid-friendly schedule, so you get the best of both worlds - flexibility and collaboration. In office days will be 2-3 per week averaging 10-12 days per month in one of the following Corporate Office locations: St. Petersburg, FL; Southfield, MI; Memphis, TN.

Job Summary:
Raymond James Financial is celebrating over 60 years of client-first service in the financial industry and is looking to add a new member to our growing IT Vendor Risk Management (VRM) team. You will be working with a motivated team of multi-faceted individuals working to ensure the protection of the company and our clients data from third-party threats by assessing the security controls of our vendors and contractors. As a member of the IT VRM team, you will join a team dedicated to risk identification and management that has the opportunity to collaborate with all areas of the company, including our international teams, to help prevent third-party attacks before they are introduced to our environment. This team is exposed to new technologies, business concepts, and team daily, which makes it the perfect team for you as a motivated, self-driven, well-communicated, eager to learn individual.

As a valued member of the team, you will conduct information security Vendor Risk Assessments (VRA) on all in-scope third-party requests from all facets of RJF. You will be a lead individual offering mentorship and experience to the remainder of the team. You will operate as a Senior Analyst on this team and will be the focal point for Business Units and Branches to provide support and direction in the Information Security of our suppliers.

You will have the opportunity to provide support and guidance towards the SRM BCP, VRM PCI DSS Third Party compliance matrix, IAM requirements, SharePoint administration, and Tableau reporting metrics.

Essential Duties and Responsibilities:

Job Requirements

Knowledge, Skills, and Abilities:
Knowledge of:
IT controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
Recognized IT control frameworks and standards (e.g., COBIT, ITIL, CRI, and ISO 17799).
Accepted industry audit and control standards (e.g., AICPA, ISACA).
State and federal information protection and control-related legislation (e.g., GLBA, SOXA 404, SB 1386, HIPAA, etc.).
International protection and control-related legislation (e.g., GDPR, Quebec Law 25, etc.).
Skill in:
Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).
Ability to:
Identify and understand issues, problems and opportunities compare data from different sources to draw conclusions.
Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
Use effective approaches for choosing a course of action or developing appropriate solutions recommend or take action that is consistent with available facts, constraints and probable consequences.
Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas remains current with developments and trends in areas of expertise.
Develop and use collaborative relationships to facilitate the accomplishment of work goals.
Make internal and external clients and their needs a primary focus of actions develop and sustain productive client relationships.
Must be self driven and maintain critical thinking when problem solving or overcoming business challenges.
Must be comfortable working both independently and in a team environment.
Occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.

Education/Previous Experience:
Typically requires a Bachelor's degree in Computer Science, Information Systems, Cyber Intelligence, Business Administration or related degree and three to five (3-5) years of relevant experience or combination of education, training and experience.
The successful candidate must also have experience in Continuation of Business, incorporating Disaster Recovery and Business Continuity Planning
Must be comfortable communicating, influencing, and negotiating with senior leadership and stakeholders on a regular basis.
Must have knowledge of project management, and business processes, preferably in the financial sector.
The successful candidate should also have a base knowledge of financial regulatory requirements such as SEC, FINRA, OCC, FFIEC, and or SOX.

Licenses/Certifications:
Security+, GCCC, or equivalent industry certification required
CISSP, CSIM, CISA, or relevant comparative certification preferred but not required

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm%26#39s core values of client-first, integrity, independence and a conservative, long-term view.


We expect our associates at all levels to:
Grow professionally and inspire others to do the same
Work with and through others to achieve desired outcomes
Make prompt, pragmatic choices and act with the client in mind
Take ownership and hold themselves and others accountable for delivering results that matter
Contribute to the continuous evolution of the firm