Raymond James Analyst, IT GRC (Third Party Risk) in St. Petersburg, Florida

Description:

Raymond James Financial works with thousands of outside parties, from enterprise-level technology providers, to startup SaaS applications, law firms, and worldwide professional services organizations. Information Security is looking for a highly motivated Governance, Risk, and Compliance Analyst to help maintain Raymond James’ high security standards whenever and wherever we share data outside the company, provide access to our network, or offload business or technology functionality.

This role is responsible for performing security due diligence risk assessments, tracking security remediation projects, and maintaining compliance requirements for Raymond James’ third party relationships. GRC Analysts on this team manage multiple, large scale security assessments and projects to identify and remediate perceived risks, consult with the third parties to influence remediation roadmaps, and most importantly, advise Raymond James business units of any residual risk they may be accepting. While we use many industry standard tools and processes to conduct third party risk assessments, this GRC Analyst is expected to call out risks and gaps that would go unnoticed during the normal process, relying on technical expertise, industry research, discussions with third party security teams, and business acumen.

RESPONSIBILITIES:

• Conducting surveys, interviews, and document design reviews

• Coordinating contractors, employees, and vendors in conducting assessments, testing controls, and implementing remediation.

• Assessing supplier security based on a review of site reports, SOC, and SSAE documentation.

• Maintain vendor records, documentation, and design improvements

• Preparing metrics and reports for senior management on the state of supplier compliance

• Gain and maintain a broad understanding of the global regulatory landscape impacting Raymond James -- Remain current with emerging regulatory trends and solutions.

• Guide the procurement and legal team to ensure contracts with external parties have the required security terms, and participate in complex contract negotiations with external partners at a global level.

#LI-MM2

Experience and Skills:

• Minimum of a B.S. in Computer Science, MIS, Business or related degree and three (3) years of relevant experience in auditing or risk assessing or combination of education, training and experience.

• Recognized IT control frameworks, standards, audit, regulations

• Technical knowledge in at least one security domain such as engineering, system and network security, authentication or security protocols.

• Excellent written and verbal communication skills.

• Leadership, teamwork and collaboration skills.

• Experience in generating automated metrics to measure IT security effectiveness and consistency.

• Results oriented, high energy, self-motivated.

• Occasional travel required.

Competencies:

• Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.

Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.

Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.

Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.

Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.

Client Focus: Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.

Job: *Technology

Organization: *Technology

Title: Analyst, IT GRC (Third Party Risk)

Location: FL-St. Petersburg-Saint Petersburg

Requisition ID: 1801294

Other Locations: US-CO-Denver