9 days ago

Digital Third Party Cyber Risk Consultant

Edward Jones

Hybrid
Full Time
$162,150

Job Overview

Job Title: Digital Third Party Cyber Risk Consultant
Job Type: Full Time
Offered Salary: $162,150
Location: Hybrid

Job Description

Digital Third Party Cyber Risk Consultant

Edward Jones is seeking a skilled Digital Third Party Cyber Risk Consultant with a technical architect background to join their team. This full-time position is crucial for ensuring the company's information security systems and assets are protected within the overall TECH risk management program.

Team Overview

The TECH Digital 3rd party risk and security awareness organization is part of Edward Jones' comprehensive TECH risk management program. This team proactively collaborates with IS and business leaders to implement information risk management practices that align with Edward Jones' policies and standards.

What You'll Do

As a Senior Risk and Controls Security Analyst, you will act as a key liaison between Cybersecurity, Legal, and Business units. Your primary responsibility will be identifying, evaluating, and mitigating information security risks while ensuring strict adherence to federal and state laws, regulations, and industry standards. This role demands deep technical knowledge of cybersecurity principles and a strong understanding of data protection and privacy laws. You will be responsible for assessing, monitoring, and remediating the security posture and compliance of external vendors throughout their lifecycle to protect the organization's data and systems.

Key Responsibilities:

  • Regulatory Compliance and Legal Alignment: Monitor and interpret cybersecurity laws and regulations, translating them into actionable controls and policies. Collaborate with legal teams on compliance issues and ensure security documentation is current.
  • Conduct Assessments: Perform in-depth information security risk assessments of third-party vendors, including documentation review, interviews, and technical reviews of security controls (e.g., infrastructure, access management, application security, physical security).
  • Identify and Escalate Risks: Identify security gaps and risks (e.g., software supply chain vulnerabilities, non-compliance) and effectively communicate them to internal stakeholders and vendors to develop remediation strategies.
  • Reporting & Communication: Prepare and present risk and compliance status reports to various stakeholders and contribute to cybersecurity awareness programs.
  • Ensure Compliance: Evaluate third parties against internal policies and external regulatory standards and frameworks such as NIST, ISO 27001, SOC 2, HIPAA, GDPR, and PCI-DSS.
  • Partner with Stakeholders: Collaborate with internal teams (Legal, Procurement, Compliance, business units) to ensure contract language meets cyber requirements and align risk management with business objectives.
  • Monitor Continuously: Oversee ongoing monitoring of critical and high-risk vendors using risk intelligence tools and conduct periodic reassessments to manage evolving threats.

What Experience You'll Need:

  • Education: A Bachelor's degree in a relevant field is required. An advanced degree in Cyber Law or a related legal/regulatory field is highly desirable.
  • Experience: Requires 5-8 years in information security, risk management, or compliance, particularly in regulated environments.
  • Certifications: Professional certifications such as CISSP, CISM, CISA, and CRISC are strongly preferred.
  • Skills: Strong understanding of regulations (FINRA, NYDFS) and frameworks (NIST, MITRE, CSA). Excellent analytical and critical thinking abilities, communication skills for diverse audiences, and the capacity to manage multiple projects and deadlines.

Work Arrangement

Current INTERNAL home-based associates may retain their home-based status. Candidates living within commuting distance of Tempe, AZ, and St. Louis, MO, are expected to work in the office three days per week (Tuesday-Thursday preferred).

Awards & Accolades

Edward Jones is recognized for building an inclusive environment where associates' contributions are valued. Explore their U.S. and Canadian awards and accolades.

About Us

Edward Jones is a Fortune 500 financial services firm focused on client well-being, with over 9 million clients and 20,000 financial advisors. As a privately-owned company, their priority is clients, not shareholder returns. Their purpose is to partner for positive impact, improving lives and communities. They foster an innovative, flexible, and inclusive culture that inspires performance and belonging.

Key skills/competency

  • Third Party Risk Management
  • Cybersecurity
  • Risk Assessment
  • Regulatory Compliance
  • Technical Architect
  • Information Security
  • Vendor Management
  • Risk Mitigation
  • NIST Frameworks
  • FINRA Regulations

Tags:

Digital Third Party Cyber Risk Consultant
Cyber Risk
Third Party Risk Management
Cybersecurity
Risk Management
Compliance
Information Security
Technical Architect
Vendor Risk
FINRA
NIST
ISO 27001
SOC 2
HIPAA
GDPR
PCI-DSS
CISSP
CISM
CISA
CRISC

How to Get Hired at Edward Jones

  • Tailor your resume: Highlight experience in information security, risk management, and compliance, especially in regulated environments. Emphasize technical architecture skills and knowledge of relevant frameworks like NIST, ISO, and SOC 2.
  • Showcase regulatory knowledge: Clearly list your understanding of FINRA, NYDFS, HIPAA, GDPR, and PCI-DSS in your application. Mention any advanced degrees in Cyber Law or related fields.
  • Prepare for technical and behavioral questions: Be ready to discuss your experience with risk assessments, technical security controls, and identifying/escalating risks. Practice explaining complex concepts clearly to diverse audiences.
  • Demonstrate certifications and skills: If you hold CISSP, CISM, CISA, or CRISC certifications, ensure they are prominently featured. Articulate your analytical, critical thinking, and project management abilities.
