Information Security 3rd Party Risk Analyst

Company: Texas Capital Bank
Location: Richardson
Posted on: March 16, 2023

Job Description:

Overview:
Texas Capital Bank is built to help businesses and their leaders. Our depth of knowledge and expertise allows us to bring the best of the big banks at a scale that makes sense for our clients, with highly experienced bankers who truly invest in people's success - today and tomorrow. While we are rooted in core financial products, we are differentiated by our approach. Our bankers are seasoned financial experts who possess deep experience across a multitude of industries. Equally important, they bring commitment - investing the time and resources to understand our clients' immediate needs, identify market opportunities and meet long-term objectives. At Texas Capital Bank, we do more than build business success. We build long lasting relationships.Headquartered in Dallas with offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, Texas Capital Bank was recently named the #1 most trusted bank in the country onNewsweek's inaugural list of America's Most Trusted Companies. For more information about joining our team, please visit us atwww.texascapitalbank.com.Brief Overview of PositionThe Information Security Cyber Assessment Team objective is to ensure that the Bank can effectivelyassess cyber threats and risks against the Bank. The primary role of the Information Security Third PartyRisk Analyst is to perform due diligence risk assessments of new and existing business and technologythird party service providers for the Information Security Department. The work will include assisting theInformation Security Cyber Assessment Manager with new and ongoing due diligence risk assessmentsof third parties from the Information Security perspective.

Responsibilities:
--- Partner with internal business units and third parties to inventory all services, status,performance, and cyber risk assessments.--- Perform complex information security risk assessments of current and prospective third-partybusiness and technology providers to assess their control structure and alignment to regulatory,federal/state guidelines and information security bank requirements and partner with internalstakeholders to assess the cyber risk the third party presents to the Bank.--- Complete a cyber risk assessment detailing third party's service inherent risk(s), strengths ofcyber risk scores, along with any cyber risk control gaps presenting elevated risk to the Bank.--- Coordinate and lead cyber risk findings through use of formalized reviews, exception reporting,and cyber risk acceptance reporting.--- Review and confirm the resolution of any cyber risk gaps identified during the cyber riskassessment process.--- Maintain a very strong knowledge of the regulatory cyber risk requirements to ensure that eachthird party meets those requirements. Must be able to competently interpret and apply therequirements independently to mitigate cyber risk to the Bank.--- Contribute to various departmental projects related to third party management activities. Thiscould be as a project lead or supportive role to an existing project.--- Collaborate across various operational and enterprise risk lines of business to ensure all thirdparty cyber review processes are being met.--- Provide support with onboarding and offboarding of new and existing 3rd party cyber risk reviewassessments--- Perform annual audit of vendors to ensure cyber risk is within risk tolerance for the Bank.--- Establish and mature continuous monitoring for the Bank's vendors.--- Build third-party incident response plan, along with existing cyber incident response plans.--- Participate during onsite evaluations for the Bank's vendors.--- Coaches and educates business functional areas on capabilities of cyber risk as it pertains to 3rdparty vendors.The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.

Qualifications:
--- Bachelor's Degree required in a related Information Technology or Computer Science discipline,or equivalent experience required--- 3-7+ years' experience in a position in cyber risk management and/or adherence to regulatoryrequirements (e.g., PCI; HIPPA; or GLBA) related to the financial services or other heavilyregulated industry.--- Experience in performing SOC 1 and SOC 2 audit reviews.--- Experience in remote and on-site vendor audits.--- Experience in risk, compliance, vendor management or audit.--- Takes accountability for ideas from inception to delivery, in an environment that requires robustmetrics to confirm success.--- Excellent verbal and written communication skills and the ability to interact professionally with adiverse group of partners, senior managers, and subject matter experts.--- Proven ability to manage positive relationships with all levels of management and affect keydecisions and outcomes.--- Able to act independently and decisively when making decisions regarding both thetechnological and critical regulatory environment and daily business issues.--- Experience in performing cyber risk reviews to assess security implications and requirements forintroduction of new and existing vendors and technologies.--- Experience in representing technical viewpoints to diverse audiences and in making timely andprudent technical risk decisions.

Keywords: Texas Capital Bank, Richardson , Information Security 3rd Party Risk Analyst, Professions , Richardson, Texas