Third-Party Cyber Risk Engineer III

Columbus, NE - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

Job Title:

Third-Party Cyber Risk Engineer III

Location:

OH - Columbus

What youll do:

As a Third-Party Cyber Risk Engineer III you will independently and collaboratively manage cybersecurity risks across the Banks thirdparty ecosystem. You will lead technical assessments of thirdparty services and clearly communicate findings to business partners and vendors. You will also help advance the teams efficiency and quality by introducing AI and automation into assessment monitoring and review processes. Youll partner with technology teams to design and implement modern solutions that strengthen the ThirdParty Cyber Risk program.

The ThirdParty Cyber Risk Engineer III is a technically strong cybersecurity professional who improves operational efficiency and performs indepth reviews of vendor environments AIenabled capabilities automated assessment outputs and cloud architectures. The role supports Western Alliance Banks ThirdParty Cyber Risk program by identifying material risks validating control effectiveness and ensuring alignment with regulatory requirements internal security standards and enterprise AI governance. Success requires an analytical skeptical mindset that helps uncover hidden risks among the Banks third parties.

This role requires strong engineering processimprovement skills knowledge of security frameworks experience assessing thirdparty cyber risk and the ability to communicate complex technical topics across cyber risk and business teams. This position is inoffice only.

Perform technical cybersecurity assessments of thirdparty vendors including cloud security IAM application and data security network security security governance and incident response capabilities.
Evaluate evidence and duediligence materials including automated assessment outputs SOC reports penetration tests policies procedures and AIrelated documentation ensuring accuracy and completeness.
Manage identified cyber risks using a riskbased approach documenting control gaps and monitoring remediation through the thirdparty lifecycle.
Develop and implement automation dashboards and AIenabled enhancements to improve assessment efficiency evidence analysis and overall program operations.
Support incident response involving third parties and help secure SaaS platforms by configuring monitoring tools advising business teams and driving remediation of compliance issues.
Produce clear technical findings and executivelevel reporting and communicate risks with internal stakeholders and external vendors.
Maintain and improve program documentation including policies standards and procedures.
Coordinate with SMEs to develop accurate timely responses to duediligence inquiries from customers rating agencies and prospective clients reflecting the Banks security posture.

What youll need:

5 years of experience in cybersecurity security engineering or thirdparty/vendor risk management ideally within a regulated industry.
Bachelors degree in Cybersecurity Information Systems Computer Science or related field.
Entry level to intermediate knowledge of general Financial Services or Banking is preferred.
Solid understanding of authentication protocols SAML SSO and LDAP. Solid understanding of concepts regarding SIEM SOAR Firewall Proxies SSL/TLS Secure Mail Gateways Application Firewalls NAC Vulnerability Scanners and EDR.
Intermediate to advanced understanding of logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
Solid understanding of load balancers DNS SMTP etc. for troubleshooting application functionality.
Intermediate to advanced knowledge of NIST MITRE and Administration of either or all of an IT Automation platform SOAR Firewall IAM platform SIEM cloud cyber defense platform etc.
Strong technical skills across cloud and application security IAM/Zero Trust network and endpoint security and data protection.
Experience applying AI and automation (e.g. Power Automate) to improve workflows such as evidence analysis document review task execution and reporting; additional experience building analytics using Power BI preferred.
Knowledge of AI/ML security risksincluding LLM governance dataingestion controls modelrisk considerationsand experience reviewing SOC reports automated assessment outputs and technical evidence.
Working knowledge of security frameworks such as ISO 27001/27002 NIST CSF NIST SP 80053 SOC reporting and SIG/SCA.
Strong communication organization and attentiontodetail skills with the ability to manage multiple assessments and crossfunctional deadlines.
Relevant certifications (CISA CRISC CISM CISSP CTPRP) required.
Experience with vendorrisk and security platforms (e.g. ServiceNow SecurityScorecard ProcessUnity Recorded Future) preferred.

Benefits youll love:
We offer all the important things youd want like competitive salaries an ownership stake in the company medical and dental insurance time off a great 401k matching program tuition assistance program an employee volunteer program and a wellness addition youll have the opportunity to bolster your business knowledge learning the ins and outs of how successful companies operate and manage their finances giving you invaluable hands-on experience to help grow your career!

About the company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona Alliance Association Bank Bank of Nevada Bridge Bank First Independent Bank and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC. AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race sex color religion age nation origin marital status disability protected veteran status sexual orientation gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying please email or call . When contacting us please provide your contact information and state the nature of your accessibility issue. We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.

Western Alliance Bancorporation

Required Experience:

Job Title:Third-Party Cyber Risk Engineer IIILocation:OH - ColumbusWhat youll do:As a Third-Party Cyber Risk Engineer III you will independently and collaboratively manage cybersecurity risks across the Banks thirdparty ecosystem. You will lead technical assessments of thirdparty services and clearl...

Job Title:

Third-Party Cyber Risk Engineer III

Location:

OH - Columbus

What youll do:

Perform technical cybersecurity assessments of thirdparty vendors including cloud security IAM application and data security network security security governance and incident response capabilities.
Evaluate evidence and duediligence materials including automated assessment outputs SOC reports penetration tests policies procedures and AIrelated documentation ensuring accuracy and completeness.
Manage identified cyber risks using a riskbased approach documenting control gaps and monitoring remediation through the thirdparty lifecycle.
Develop and implement automation dashboards and AIenabled enhancements to improve assessment efficiency evidence analysis and overall program operations.
Support incident response involving third parties and help secure SaaS platforms by configuring monitoring tools advising business teams and driving remediation of compliance issues.
Produce clear technical findings and executivelevel reporting and communicate risks with internal stakeholders and external vendors.
Maintain and improve program documentation including policies standards and procedures.
Coordinate with SMEs to develop accurate timely responses to duediligence inquiries from customers rating agencies and prospective clients reflecting the Banks security posture.

What youll need:

5 years of experience in cybersecurity security engineering or thirdparty/vendor risk management ideally within a regulated industry.
Bachelors degree in Cybersecurity Information Systems Computer Science or related field.
Entry level to intermediate knowledge of general Financial Services or Banking is preferred.
Solid understanding of authentication protocols SAML SSO and LDAP. Solid understanding of concepts regarding SIEM SOAR Firewall Proxies SSL/TLS Secure Mail Gateways Application Firewalls NAC Vulnerability Scanners and EDR.
Intermediate to advanced understanding of logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
Solid understanding of load balancers DNS SMTP etc. for troubleshooting application functionality.
Intermediate to advanced knowledge of NIST MITRE and Administration of either or all of an IT Automation platform SOAR Firewall IAM platform SIEM cloud cyber defense platform etc.
Strong technical skills across cloud and application security IAM/Zero Trust network and endpoint security and data protection.
Experience applying AI and automation (e.g. Power Automate) to improve workflows such as evidence analysis document review task execution and reporting; additional experience building analytics using Power BI preferred.
Knowledge of AI/ML security risksincluding LLM governance dataingestion controls modelrisk considerationsand experience reviewing SOC reports automated assessment outputs and technical evidence.
Working knowledge of security frameworks such as ISO 27001/27002 NIST CSF NIST SP 80053 SOC reporting and SIG/SCA.
Strong communication organization and attentiontodetail skills with the ability to manage multiple assessments and crossfunctional deadlines.
Relevant certifications (CISA CRISC CISM CISSP CTPRP) required.
Experience with vendorrisk and security platforms (e.g. ServiceNow SecurityScorecard ProcessUnity Recorded Future) preferred.