Third-Party Risk and Compliance Advisor – Mid Level

Why Usaa?

At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA, where our core values – honesty, integrity, loyalty and service – define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture.

We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is not available for this position.

What You'Ll Do:

• Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations.
• Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments.
• Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology.
• Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement.
• Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management.
• Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements.
• Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties.
• Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded.
• Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included.
• Maintains accurate and up-to-date documentation of TPRM technology activities.
• Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met.
• Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program.

What You Have:

• Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.
• 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry.
• 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc.
• Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements.
• Strong knowledge of cybersecurity principles and technologies.
• Experience working within a regulated, policy-driven environment.
• Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures.
• Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001).
• Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.

What Sets You Apart:

• Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations.
• Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001.
• Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA.
• Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments.
• Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs.

Compensation range: The salary range for this position is: $85,040.00 - $162,550.00.

USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.).

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits, visit our benefits page on USAAjobs.com.

Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.