• Third-Party Risk and Compliance Advisor - Mid…

    USAA (Charlotte, NC)


    Why USAA?

     

    At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

     

    Embrace a fulfilling career at USAA, where our core values – honesty, integrity, loyalty and service – define how we treat each other and our members. Be part of what truly makes us special and impactful.

     

    The Opportunity

     

    We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture.

     

    We offer a flexible work environment that requires an individual to be **in the office 4 days per week.** This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is **not** available for this position.

    What you'll do:

    + Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations.

    + Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments.

    + Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology.

    + Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement.

    + Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management.

    + Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements.

    + Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties.

    + Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded.

    + Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included.

    + Maintains accurate and up-to-date documentation of TPRM technology activities.

    + Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met.

    + Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program.

    What you have:

    + Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.

    + 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry.

    + 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc.

    + Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements.

    + Strong knowledge of cybersecurity principles and technologies.

    + Experience working within a regulated, policy-driven environment.

    + Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures.

    + Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001).

    + Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments).

    + Strong analytical and problem-solving skills.

    + Excellent communication and interpersonal skills.

    What sets you apart:

    + Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations.

    + Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001.

    + Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA.

    + Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments.

    + Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs.

     

    Compensation range:** The salary range for this position is: $85,040.00 - $162,550.00 **.

     

    USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.).

     

    **Compensation:** USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

     

    Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

     

    The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

     

    **Benefits:** At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

     

    For more details on our outstanding benefits, visit our benefits page on USAAjobs.com.

     

    _Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting._

     

    _USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran._

     

    If you are an existing USAA employee, please use the internal career site in OneSource to apply.

     

    Please do not type your first and last name in all caps.

     

    _Find your purpose. Join our mission._

     

    USAA is unlike any other financial services organization. The mission of the association is to facilitate the financial security of its members, associates and their families through provision of a full range of highly competitive financial products and services; in so doing, USAA seeks to be the provider of choice for the military community. We do this by upholding the highest standards and ensuring that our corporate business activities and individual employee conduct reflect good judgment and common sense, and are consistent with our core values of service, loyalty, honesty and integrity.

     

    USAA attributes its long-standing success to its most valuable resource: our 35,000 employees. They are the heart and soul of our member-service culture. When you join us, you'll become part of a thriving community committed to going above for those who have gone beyond: the men and women of the U.S. military, their associates and their families. In order to play a role on our team, you don't have to be connected to the military yourself – you just need to share our passion for serving our more than 13 million members.

     

    USAA is an EEO/AA Employer - applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, sexual orientation, gender identity or expression, pregnancy, protected veteran status or other status protected by law.

     

    California applicants, please review our HR CCPA - Notice at Collection (https://statmcstg.usaa.com/mcontent/static\_assets/Media/enterprise\_hr\_cpra\_notice\_at\_collection.pdf) here.

     

    USAA is an EEO/AA Employer - applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, sexual orientation, gender identity or expression, pregnancy, protected veteran status or other status protected by law.