Third-Party Cyber Risk Engineer III
United States
Full Time
2 days ago
H1B Sponsor
Key skills
CloudCyber SecurityDNSFirewallsServiceNowSMTPAIMLLLMAnalyticsBIPower BIIAMSAMLLDAPSSOSaaSRisk ManagementCommunicationNetwork SecurityCloud SecurityZero TrustFirewall
About this role
Role Overview
- Independently and collaboratively manage cybersecurity risks across the Bank’s third‑party ecosystem.
- Lead technical assessments of third‑party services and clearly communicate findings to business partners and vendors.
- Help advance the team’s efficiency and quality by introducing AI and automation into assessment, monitoring, and review processes.
- Partner with technology teams to design and implement modern solutions that strengthen the Third‑Party Cyber Risk program.
- Perform technical cybersecurity assessments of third‑party vendors, including cloud security, IAM, application and data security, network security, security governance, and incident response capabilities.
- Evaluate evidence and due‑diligence materials, ensuring accuracy and completeness.
- Manage identified cyber risks using a risk‑based approach, documenting control gaps and monitoring remediation through the third‑party lifecycle.
- Develop and implement automation, dashboards, and AI‑enabled enhancements to improve assessment efficiency, evidence analysis, and overall program operations.
- Support incident response involving third parties and help secure SaaS platforms by configuring monitoring tools, advising business teams, and driving remediation of compliance issues.
- Produce clear technical findings and executive‑level reporting, and communicate risks with internal stakeholders and external vendors.
- Maintain and improve program documentation, including policies, standards, and procedures.
- Coordinate with SMEs to develop accurate, timely responses to due‑diligence inquiries from customers, rating agencies, and prospective clients, reflecting the Bank’s security posture.
Requirements
- 5+ years of experience in cybersecurity, security engineering, or third-party/vendor risk management, ideally within a regulated industry.
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
- Entry level to intermediate knowledge of general Financial Services or Banking is preferred.
- Solid understanding of authentication protocols SAML, SSO, and LDAP.
- Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
- Intermediate to advanced understanding of logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
- Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
- Intermediate to advanced knowledge of NIST, MITRE and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform etc.
- Strong technical skills across cloud and application security, IAM/Zero Trust, network and endpoint security, and data protection.
- Experience applying AI and automation (e.g., Power Automate) to improve workflows such as evidence analysis, document review, task execution, and reporting; additional experience building analytics using Power BI preferred.
- Knowledge of AI/ML security risks—including LLM governance, data‑ingestion controls, model‑risk considerations—and experience reviewing SOC reports, automated assessment outputs, and technical evidence.
- Working knowledge of security frameworks such as ISO 27001/27002, NIST CSF, NIST SP 800‑53, SOC reporting, and SIG/SCA.
- Strong communication, organization, and attention‑to‑detail skills, with the ability to manage multiple assessments and cross‑functional deadlines.
- Relevant certifications (CISA, CRISC, CISM, CISSP, CTPRP) required.
- Experience with vendor‑risk and security platforms (e.g., ServiceNow, SecurityScorecard, ProcessUnity, Recorded Future) preferred.
Tech Stack
- Cloud
- Cyber Security
- DNS
- Firewalls
- ServiceNow
- SMTP
Benefits
- competitive salaries
- an ownership stake in the company
- medical and dental insurance
- time off
- a great 401k matching program
- tuition assistance program
- an employee volunteer program
- a wellness program