Senior Digital Third Party Cyber Risk Consultant

Innovate at Edward Jones

It's an exciting time to work in technology at Edward Jones. We are making massive investments in emerging technologies to improve how we work with our clients and with each other. Relationships are the focus of our business model, and working in Technology here means using your skills to build, deliver, and maintain the technologies that enable us to deepen and support those relationships. The best part? We develop and create our own industry-leading solutions internally, and you can be a part of it. This involves working with emerging new technologies, creating platforms, programs, and experiences that change how we work together and support our client-first focus, ultimately changing the future of our firm, the industry, and the advisor-client relationship.

Job Overview

Position Schedule: Full-Time

This job posting is anticipated to remain open for 30 days, from 19-Feb-2026. The posting may close early due to the volume of applicants.

Team Overview

The TECH Digital Third Party Risk and Security Awareness organization is part of the Edward Jones overall TECH risk management program, designed to ensure that the company's information security systems and information assets are adequately protected. The overall TECH Cyber Risk Management Team works proactively with Information Security and business leaders to implement practices that meet Edward Jones defined policies and standards for information risk management.

What You'll Do as a Senior Digital Third Party Cyber Risk Consultant

The Senior Digital Third Party Cyber Risk Consultant, with an emphasis on cyber law, serves as a key liaison between the Cybersecurity, Legal, and Business units. This position is critical in identifying, evaluating, and mitigating information security risks while ensuring strict adherence to applicable federal and state laws, regulations, and industry standards. The ideal candidate will possess deep technical knowledge of cybersecurity principles and a strong understanding of the legal landscape surrounding data protection and privacy. You will be responsible for evaluating the security posture and compliance of external vendors to mitigate risks to an organization's data and systems, involving assessment, monitoring, and remediation activities throughout the vendor's lifecycle.

• Regulatory Compliance and Legal Alignment: Monitor and interpret cybersecurity laws and regulations, translating them into actionable controls and policies. This involves collaboration with legal teams on compliance issues and ensuring security documentation reflects current requirements.
• Conduct Assessments: Perform in-depth information security risk assessments of third-party vendors, which may involve reviewing documentation, conducting interviews, and performing technical reviews of security controls (e.g., infrastructure security, access management, application security, physical security).
• Identify and Escalate Risks: Identify security gaps or risks (e.g., vulnerabilities in software supply chain, non-compliance with standards) and effectively communicate these to internal stakeholders and vendor representatives to develop remediation strategies.
• Reporting & Communication: Prepare and present reports on risk and compliance status to various stakeholders and contribute to cybersecurity awareness programs.
• Ensure Compliance: Evaluate third parties against internal policies and external regulatory standards and frameworks such as NIST, ISO 27001, SOC 2, HIPAA, GDPR, and PCI-DSS.
• Partner with Stakeholders: Collaborate with internal teams, including Legal, Procurement, Compliance, and business units, to ensure contract language reflects cyber requirements and to align risk management activities with business objectives.
• Monitor Continuously: Oversee ongoing monitoring of critical and high-risk vendors using various risk intelligence tools and perform periodic reassessments to manage evolving threats.

Compensation and Benefits

Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage. Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page.

Hiring Minimum: $120,000

Hiring Maximum: $204,300

Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act. Edward Jones is prohibited from hiring individuals with certain specified criminal history as set forth in Section 3(a)(39) and 15(b)(4) and Rule 17a-3(a)(12) of the Securities and Exchange Act of 1934, and conducts background reviews consistent with FINRA Rule 3110(e). A copy of a notice regarding the provisions of the Los Angeles County Fair Chance Ordinance is available at: dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf.

Skills & Requirements

What Experience You'll Need

• Education: A Bachelor's degree in a relevant field is required, and an advanced degree in Cyber Law or a related legal/regulatory field is highly desirable.
• Experience: Requires 5-8 years in information security, risk management, or compliance, particularly in regulated environments.
• Certifications: Professional certifications like CISSP, CISM, CISA, CRISC, are strongly preferred.
• Skills: Essential skills include a strong understanding of regulations (FINRA, NYDFS) and frameworks (NIST, MITRE, CSA), analytical and critical thinking abilities, excellent communication skills for diverse audiences, and the capacity to manage multiple projects and deadlines.

Current INTERNAL home-based associates: While this role is posted as hybrid, if selected and accepted, you may retain your home-based status. Edward Jones intends in good faith to continue offering the role as home-based, though future business or regulatory needs may require on-site work.

Candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.

Awards & Accolades

At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.

• Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
• Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones

About Us

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns.

Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.

People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.

View our Purpose, Inclusion and Citizenship Report.

¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.

Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.

Key skills/competency

• Cybersecurity
• Risk Management
• Third-Party Risk
• Regulatory Compliance
• Information Security
• Cyber Law
• Vendor Assessment
• NIST Framework
• ISO 27001
• Data Protection