Company: Stifel
Location: Saint Louis, MO
Career Level: Associate
Industries: Banking, Insurance, Financial Services

Description

The Third-Party Cyber Risk Analyst performs comprehensive third-party risk assessments, focusing on data security, regulatory compliance, and emerging AI use risks. This includes reviewing DDQs, SOC reports, AI governance disclosures, vendor security reports, and supporting documentation from vendors and service providers. The Third-Party Cyber Risk Analyst plays a critical role in safeguarding the organization's data by ensuring third-party partners have implemented sufficient data protection safeguards. The ideal candidate thinks strategically and is intellectually curious. The Third-Party Cyber Risk Analyst will be expected to help refine the risk program.



What We're Looking For

•  Evaluate third-party cybersecurity posture using DDQs, SOC 2 Type II reports, ISO certifications, penetration test results, and AI usage documentation.
•  Assess AI models used by third parties for privacy, security, and compliance risks (e.g., data training, model outputs, governance).
•  Identify gaps in vendor controls and recommend mitigations or compensating controls.
•  Advise on residual risk and escalation paths for critical or high-risk vendors.
•  Assist with defining third-party security standards and playbooks.
•  Collaborate with legal, compliance, procurement, and enterprise risk management teams.
•  Maintain and update third-party risk assessment templates to include AI and emerging technology risks.
•  Track and report risk status, remediation plans, and residual risk acceptance.
•  Contribute to continuous improvement of the third-party risk management (TPRM) framework.
•  Create third-party cyber risk posture reports and metrics.
•  Must handle highly sensitive information with discretion and objectivity.
• May be required to participate in third-party incident response after hours or on short notice.



What You'll Bring

•  Strong understanding of NIST CSF, ISO 27001, SOC 2, contractual cybersecurity clauses, and regulatory expectations (e.g., SEC, FINRA, GLBA).
•  Working knowledge of AI governance, data security issues, and compliance risks (e.g., data governance, shadow AI).
•  Experience reviewing security questionnaires, due diligence documentation, and audit reports.
•  Excellent analytical, communication, and documentation skills.



Education & Experience

•  Minimum Required: Bachelor's degree in Cybersecurity, Information Technology, or related discipline, or equivalent experience.
•  Minimum Required: 7+ years of experience in cybersecurity, third-party risk, or IT audit.



Licenses & Credentials

• Certifications: CISA, CISSP, CTPRP, or vendor risk-specific credentials preferred.



Systems & Technology

•  Experience with third-party risk platforms (e.g., Archer, OneTrust, ProcessUnity, ServiceNow TPRM).
•  Understanding of emerging AI risk frameworks (e.g., NIST AI RMF, EU AI Act).

 




About Stifel

Stifel is more than 130 years old and still thinking like a start-up.  We are a global wealth management and investment banking firm serious about innovation and fresh ideas.  Built on a simple premise of safeguarding our clients' money as if it were our own, coined by our namesake, Herman Stifel, our success is intimately tied to our commitment to helping families, companies, and municipalities find their own success.

 

While our headquarters is in St. Louis, we have offices in New York, San Francisco, Baltimore, London, Frankfurt, Toronto, and more than 400 other locations.  Stifel is home to approximately 9,000 individuals who are currently building their careers as financial advisors, research analysts, project managers, marketing specialists, developers, bankers, operations associates, among hundreds more.  Let's talk about how you can find your place here at Stifel, where success meets success.

 

At Stifel we offer an entrepreneurial environment and a comprehensive benefits package that includes health, dental, and vision care, 401k, wellness initiatives, life insurance, and paid time off.

 

Stifel is an Equal Opportunity Employer.

