Job Description

Responsible for second line of defense assessment and management of Cyber Security risks associated with Third Party relationships, including review and determination of accuracy of due diligence information, documentation of appropriate risk assessments, approval of risk ratings, monitoring of assigned portfolio, and identification of exceptions.

Responsibilities

Lead and contribute to assessments of the cyber security risk of third party vendors with an appropriate level of detail
Travel to vendor locations for on-site assessments (Post Covid on a need to basis)
Interface with senior executives, legal, technology risk management, business teams, application management, and third-party program management on cyber security risk issues
Identify controls to address gaps in third party vendor relationships
Lead the design and implementation of Cyber Security related governance and tools
Act as a liaison between Cyber Security teams and third party governance processes

Define and create relevant metrics and reports
Review the cyber related attestations by third parties such as SOC1, SOC2, ISO 27001 and report any observations for further review and tracking

Support the creation and update of third party related policies
Review vendor risk reports created by internal and external entities for impacts to cyber security
Provide SME support to business and technology teams which have third party issues in-scope
Keep up-to-date on the latest trends, methodologies and tools related to third party
Interface with industry coalitions working on third party cybersecurity issues
Ensure security alignment with the TPRM process and provide security decisions and input throughout the process
Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments

Consults with the business and operational infrastructure personnel regarding new and existing technologies
Recommends new security tools to management and reports and provides guidance and expertise in their implementation
Partner across teams to identify and remediate risk for partners, clients, vendors, suppliers
Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles
Addresses high risk security concerns or incidents
Recommends course of action to mitigate risk and ensures that appropriate standards are established and published
Conduct initial risk assessments of stakeholder and update the risk assessment on an as needed basis.

Education/Experience

Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
7+ years of related experience required
Experience in the securities or financial services industry is a plus
Experience with Third Party Risk Management
Experience defining, implementing and monitoring Vendor Information Security Risk Management Programs
Superior communication skills: both verbal and written

Lic/Cert/Reg

Required: None required
Preferred: None preferred

Note: This job has multiple levels (i.e. I, II, III, etc.). The posted job description includes the qualifications associated with the entry level position. If hired, you may be placed at a level above the entry level position. The level of placement will be based on experience, education and skills.

Additional Minimum and Preferred Qualifications

Benefits Statement

Benefits: A variety of health and welfare and other benefit programs are available, including medical, dental, vision, Wellness Program, Personal Savings Plan (401K), Health Savings Account, Flexible Spending Account, accident benefits, critical illness, hospital indemnity, life insurance, disability benefits, paid vacation & holidays, paid leave programs, tuition assistance programs, pet insurance and more.

Legal requirements

Pay Transparency Policy Statement

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information (41 C.F.R. 60-1.35 (c)).

Individuals with Disabilities

BBVA USA invites all interested and qualified applicants to apply for employment opportunities. If you are a U.S.-based job seeker with a disability who is unable to use our online tools to search and apply for jobs, please contact us by emailing: disabilityaccessjobs.us@bbva.com or by calling toll-free (in the U.S.) 1-844-664-9275. Please indicate the specific type of assistance needed*.

*The disability access telephone line and email address are reserved solely for job seekers with disabilities requesting accessibility assistance or an accommodation. Please do not call about the status of your job application if you do not require accessibility assistance or an accommodation. Messages left for other purposes, such as following up on an application or non-disability related or technical issues, will not receive a response.