Job Description:
Job Title: Third Party Cyber Risk Assessor
Corporate Title: Up to Vice President
Location: Chester
Company Overview:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference.
Location Overview:
Chester
Find us in the city of Chester, a destination renowned for its culture, history, and beauty. Working at Bank of America Chester offers a far-reaching global career for a world-renowned organisation, whilst being ideally situated against the backdrop of the rolling North Wales hills and the banks of the serene River Dee
Role Description:
In this role, you’ll conduct security reviews of third-party vendors, including pre-assessment, assessment, and remediation activities. Your work directly supports our commitment to safeguarding the Banks’ services.
Responsibilities
As a Third-Party Cyber Risk Assessor, you’ll play a crucial role in ensuring the security of our third-party vendors. Your responsibilities will include:
Validating assessment scope.
Partnering with vendor managers and third parties to answer detailed
questions.
Preparing them for assessment.
Collecting and reviewing documentation.
Evaluate a third party’s information security risk with a holistic lens.
Identifying and discussing any information security gaps in the service provider's program with the third party.
Determining if appropriate information security controls are in place.
Escalating security issues or risks identified during the assessment.
Completing assessment work papers.
Produce assessment summary reports detailing the gaps identified and the potential impact and recommendations for mitigating the risk.
What we are looking for:
A broad knowledge of IT, information security and business continuity principles and concepts
Technical knowledge of a wide range of information security controls and the processes used for evaluating their design and effectiveness.
A technical background in IT and networks having worked in a technical area and gained a deep understanding of the technology.
A good understanding of cyber risks and controls and how they relate to current and emerging technologies.
Critical Thinking skills – Ability to analyse complex security challenges and devise effective solutions.
Problem Solving abilities– Proactive approach to addressing security issues and vulnerabilities.
Technology System Assessment – Previous involvement in evaluating third-party systems for security risks.
Customer and Client Focus – Ability to understand stakeholder needs and provide relevant security guidance.
An ambassador for Bank of America always presenting a professional demeanour to external parties especially when faced with challenging situations.
Effective Oral Communication skills – Articulating security findings and recommendations clearly to technical and non-technical audiences
Vendor Management experience – Coordinating security assessments with external vendors.
Ability to work independently and able to prioritise conflicting tasks.
Flexibility and the ability to adapt easily and quickly to new and changed processes Understanding of System Architecture – Awareness of how system architecture impacts security.
Consulting skills – Providing advice on security best practice.