Digital Third Party Cyber Risk Consultant - Technical Architect

Company Overview

Edward Jones is a Fortune 500, privately‑owned financial services firm with over 9 million clients and 20,000 financial advisors across the U.S. and Canada. The company places its people first and partners for positive impact to improve client and colleague lives while advancing community and societal betterment.

The TECH Digital 3rd‑party risk and security awareness organization is part of the overall TECH risk management program. It works proactively with IS and business leaders to implement practices that meet Edward Jones defined policies and standards for information risk management.

• Regulatory Compliance and Legal Alignment:
  Monitor and interpret cybersecurity laws and regulations, translating them into actionable controls and policies. Collaborate with legal teams on compliance issues and ensure security documentation reflects current requirements.
• Conduct Assessments:
  Perform in‑depth information security risk assessments of third‑party vendors, reviewing documentation, conducting interviews, and performing technical reviews of security controls (e.g., infrastructure security, access management, application security, physical security).
• Identify and Escalate Risks:
  Identify security gaps or risks and effectively communicate them to internal stakeholders and vendor representatives to develop remediation strategies.
• Reporting & Communication:
  Prepare and present reports on risk and compliance status to various stakeholders and contribute to cybersecurity awareness programs.
• Ensure Compliance:
  Evaluate third parties against internal policies and external regulatory standards and frameworks such as NIST, ISO 27001, SOC 2, HIPAA, GDPR, and PCI‑DSS.
• Partner with Stakeholders:
  Collaborate with internal teams, including Legal, Procurement, Compliance, and business units, to ensure contract language reflects cyber requirements and to align risk management activities with business objectives.
• Monitor Continuously:
  Oversee ongoing monitoring of critical and high‑risk vendors using a variety of risk intelligence tools and perform periodic reassessments to manage evolving threats.

• Education:
  
  A Bachelor’s degree in a relevant field is required, and an advanced degree in Cyber Law or a related legal/regulatory field is highly desirable.
• Experience:
  
  5‑8 years in information security, risk management, or compliance, particularly in regulated environments.
• Certifications:
  
  Professional certifications such as CISSP, CISM, CISA, or CRISC are strongly preferred.
• Skills:
  
  A strong understanding of regulations (FINRA, NYDFS) and frameworks (NIST, MITRE, CSA), excellent analytical and critical thinking abilities, outstanding communication skills for diverse audiences, and the capacity to manage multiple projects and deadlines.

Current INTERNAL home‑based associates: While this role is posted as hybrid,
if selected and accepted, you may retain your home‑based status
. Edward Jones intends in good faith to continue offering the role as home‑based, though future business or regulatory needs may require on‑site work.
Candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday‑through‑Thursday.

Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.

Edward Jones’s compensation and benefits package includes medical, prescription drug, dental and vision care; voluntary benefits such as accident, hospital indemnity, and critical illness; short‑ and long‑term disability; basic life and basic AD&D coverage at no cost to associates; a 401k retirement plan; and tax‑advantaged accounts including health savings and flexible spending. The firm observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, plus sick time, personal days and a paid day for volunteerism.

Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm’s Employee Assistance Program.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act. Edward Jones is prohibited from hiring individuals with certain specified criminal history as set forth in Section 3(a)(39) and 15(b)(4) and Rule 17a‑3(a)(12) of the Securities and Exchange Act of 1934, and conducts background reviews consistent with FINRA Rule 3110(e).

A copy of a notice regarding the provisions of the Los Angeles County Fair Chance Ordinance is available at: dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30..