Sr Cybersecurity Analyst - Third Party Provider

BNP Paribas   •  

Omaha, NE

Industry: Accounting, Finance & Insurance

  •  

Not Specified years

Posted 37 days ago

Position Summary

We are currently seeking motivated, qualified talent to be responsible for performing analysis of the third party providers through desktop reviews and inspections of policies, audit reports, and evidence of security and business resiliency controls to validate operational effectiveness and identify gaps. Responsible for coordinating, developing, and managing controlling workflow activities and deadlines; maintaining, organizing, and gathering information; and coaching peers on assigned tasks. Collaborates with colleagues, management and business partners to identify risks within the Third Party Providers to enhance the security controls and protect Bank sensitive data.

This role:

  • Creates and manages the appropriate artifacts throughout the initiative lifecycle of Corporate Security’s efforts.
  • Ensures work effort dependencies, assumptions, risks and issues are defined, documented and communicated to the appropriate lead and/ stakeholder.
  • Conducts risk assessments to identify risks to security and business resiliency controls. Documents overall effectiveness of operational controls within the Bank and/or Third Party Providers.
  • Conducts desk reviews and inspection of security assessments for the Bank and/or Third Party Providers.
  • Reviews internal and external security and technical test reports (audit, vulnerability and penetration test results, business resiliency Plans, etc.) to validate the effectiveness of operational controls.
  • Facilitates and manages risk assessments and /or security initiatives from communication, approval and reportdistribution to key stakeholders, business units and management.
  • Facilitates and manages risk assessments and /or security initiatives from communication, approval and reportdistribution to key stakeholders, business units and management.
  • Research industry trends and best practices. Keeping abreast of all industry trends and emerging cybersecuritythreats.

#LI-KJ1


Education

  • Bachelor's Degree Business, Computer Science, Information Assurance, Management Information Systems or related field


Skills

  • Strong written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
  • Sound interpersonal, negotiation, and influencing skills; ability to facilitate discussions around complex issues and bring them to resolution
  • Solid analytical and problem-solving skills coupled with thoroughness and attention to detail is highly desired.
  • Good understanding of industry practices and metric reporting fundamentals.
  • Ability to adjust to rapidly changing security environment, prioritize deliverables and manage workflow.
  • Ability to exercise sound judgment and make effective recommendations to management
  • Ability to optimize and condense information and transform data into easily understandable concepts.
  • Solid understanding of financial industry, risk management, and/or corporate security.
  • Basic technical skills in MS Excel, PowerPoint, Word, and Project Knowledgeable in various cybersecurity areas such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, Physical Security and/or Business Resiliency.
  • Good knowledge of security controls for the handling of Personally Identifiable Information (PII) data, regulations and security compliance requirements affecting financial institutions (FFIEC/GLBA)
  • Familiar with assessment frameworks/standards (i.e. ISO/27000 Series, BITS SIG/SAS-70/SSAE-16, COBIT/SOX IT Control Testing, NIST, PCI-DSS

REF: 043185