Stifel Financial Corp.

Third-Party Information Security Risk Analyst

Stifel Financial Corp., Saint Louis, Missouri, United States, 63146

Why Stifel

Stifel strives for a culture that puts its clients and associates first: a culture where everyone belongs, everyone is welcome, and everyone contributes to the success of our clients, their careers, and the firm as a whole. Let’s talk about how you can find your place here at Stifel, where success meets success.

What You'll Be Doing

The Third-Party Cyber Risk Analyst performs comprehensive third-party risk assessments, focusing on data security, regulatory compliance, and emerging AI use risks. This includes reviewing DDQs, SOC reports, AI governance disclosures, vendor security reports, and supporting documentation from vendors and service providers. The role is critical in safeguarding organizational data by ensuring third-party partners have adequate data protection safeguards. The ideal candidate thinks strategically and is intellectually curious. The analyst will help refine the risk program.

What We're Looking For

Evaluate third-party cybersecurity posture using DDQs, SOC 2 Type II reports, ISO certifications, penetration test results, and AI usage documentation. Assess AI models used by third parties for privacy, security, and compliance risks (e.g., data training, model outputs, governance). Identify gaps in vendor controls and recommend mitigations or compensating controls. Advise on residual risk and escalation paths for critical or high-risk vendors. Assist with defining third-party security standards and playbooks. Collaborate with legal, compliance, procurement, and enterprise risk management teams. Maintain and update third-party risk assessment templates to include AI and emerging technology risks. Track and report risk status, remediation plans, and residual risk acceptance. Contribute to continuous improvement of the third-party risk management (TPRM) framework. Create third-party cyber risk posture reports and metrics. Handle highly sensitive information with discretion and objectivity. Participate in third-party incident response after hours or on short notice, if required.

What You'll Bring

Strong understanding of NIST CSF, ISO 27001, SOC 2, contractual cybersecurity clauses, and regulatory expectations (e.g., SEC, FINRA, GLBA). Knowledge of AI governance, data security issues, and compliance risks (e.g., data governance, shadow AI). Experience reviewing security questionnaires, due diligence documentation, and audit reports. Excellent analytical, communication, and documentation skills.

Education & Experience

Bachelor’s degree in Cybersecurity, Information Technology, or related discipline, or equivalent experience. 7+ years of experience in cybersecurity, third-party risk, or IT audit.

Licenses & Credentials

Certifications such as CISA, CISSP, CTPRP, or vendor risk-specific credentials are preferred.

Systems & Technology

Experience with third-party risk platforms (e.g., Archer, OneTrust, ProcessUnity, ServiceNow TPRM). Understanding of emerging AI risk frameworks (e.g., NIST AI RMF, EU AI Act).

About Stifel

Stifel, over 130 years old, is a global wealth management and investment banking firm committed to innovation. With offices worldwide and approximately 9,000 employees, we focus on safeguarding our clients’ assets and helping families, companies, and municipalities succeed. We offer an entrepreneurial environment with comprehensive benefits, including health, dental, vision, 401k, wellness initiatives, life insurance, and paid time off. Stifel is an Equal Opportunity Employer.
