RELOCATION ASSISTANCE: Relocation assistance may be available CLEARANCE TYPE: Top Secret TRAVEL: Yes, 10% of the Time Description At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and secure technological solutions to enable strategic objectives. We're looking for innovators who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we will support yours of expanding your personal network and developing skills, whether you are new to the field or an industry thought leader. At Northrop Grumman, you will have the resources, support, and team to do some of the best work of your career. Northrop Grumman Mission Systems is seeking a Principal Cybersecurity Analyst to join its Classified Solutions team in Sunnyvale, CA. Please note that due to the classified nature of this position, the selected candidate will be required to work on-site, full-time, at our Sunnyvale, CA campus - this is not a remote work opportunity. Responsibilities will include but not be limited to the following: Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy; this is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establish strict program control processes to ensure mitigation of risks and support obtaining authorization to operate systems; this will include support of process, analysis, coordination, system assessment, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the required government policy (i.e., NISPOM, ICD 503), make recommendations on process tailoring, and participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal System Assessment required by each government authorizing authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the System Security Plan(s) and update the Plan of Actions and Milestones (POA&M). Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed. Basic Qualifications: Master's degree with 3 years of relevant experience, or a Bachelor's degree with 5 years of relevant experience, or an Associate's degree with 7 years of relevant experience; a High School Diploma or equivalent with 9 years of relevant experience may be considered in lieu of a completed degree. Applicants must have a current DoD Top Secret level security clearance (at a minimum), to include a closed investigation date completed within the last 6 years, or must be enrolled in the DoD Continuous Evaluation Program (CEP), in order to be considered; the required security clearance must be maintained as a condition of continued employment. The selected candidate will be required to obtain and maintain a Special Access Program (SAP/SAR) clearance as a condition of continued employment. Must have a current DoD 8570 IAM level II or higher security certification (CAP/CGRC, CASP+/SecurityX, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP) Preferred Qualifications: Bachelor's degree in Information Systems or Cybersecurity 5+ years of experience with Assessment and Authorization of classified systems and the Risk Management Framework Knowledge of ACAS, NESSUS, SPLUNK, SCAP, POA&Ms, NIST, DIACAP, NISPOM, system audits, vulnerability scanning, and RMF package development preferred. We offer flexible work arrangements, phenomenal learning opportunities, exposure to a wide variety of projects and customers, and a very friendly team environment. Our Employee Resource Groups (ERGs) offer opportunities to be a friend, be active, be a volunteer, be a leader, be recognized, and to be yourself. At Northrop Grumman, we are on the cutting edge of innovation. Our diverse portfolio of programs means there are endless paths to cultivate your career. We also offer exceptional benefits/healthcare, a 9/80 work schedule, and a great 401k matching program. Come join us! Primary Level Salary Range: $114,000.00 - $171,000.00 The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.
03/06/2026
Full time
RELOCATION ASSISTANCE: Relocation assistance may be available CLEARANCE TYPE: Top Secret TRAVEL: Yes, 10% of the Time Description At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and secure technological solutions to enable strategic objectives. We're looking for innovators who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we will support yours of expanding your personal network and developing skills, whether you are new to the field or an industry thought leader. At Northrop Grumman, you will have the resources, support, and team to do some of the best work of your career. Northrop Grumman Mission Systems is seeking a Principal Cybersecurity Analyst to join its Classified Solutions team in Sunnyvale, CA. Please note that due to the classified nature of this position, the selected candidate will be required to work on-site, full-time, at our Sunnyvale, CA campus - this is not a remote work opportunity. Responsibilities will include but not be limited to the following: Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy; this is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establish strict program control processes to ensure mitigation of risks and support obtaining authorization to operate systems; this will include support of process, analysis, coordination, system assessment, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the required government policy (i.e., NISPOM, ICD 503), make recommendations on process tailoring, and participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal System Assessment required by each government authorizing authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the System Security Plan(s) and update the Plan of Actions and Milestones (POA&M). Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed. Basic Qualifications: Master's degree with 3 years of relevant experience, or a Bachelor's degree with 5 years of relevant experience, or an Associate's degree with 7 years of relevant experience; a High School Diploma or equivalent with 9 years of relevant experience may be considered in lieu of a completed degree. Applicants must have a current DoD Top Secret level security clearance (at a minimum), to include a closed investigation date completed within the last 6 years, or must be enrolled in the DoD Continuous Evaluation Program (CEP), in order to be considered; the required security clearance must be maintained as a condition of continued employment. The selected candidate will be required to obtain and maintain a Special Access Program (SAP/SAR) clearance as a condition of continued employment. Must have a current DoD 8570 IAM level II or higher security certification (CAP/CGRC, CASP+/SecurityX, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP) Preferred Qualifications: Bachelor's degree in Information Systems or Cybersecurity 5+ years of experience with Assessment and Authorization of classified systems and the Risk Management Framework Knowledge of ACAS, NESSUS, SPLUNK, SCAP, POA&Ms, NIST, DIACAP, NISPOM, system audits, vulnerability scanning, and RMF package development preferred. We offer flexible work arrangements, phenomenal learning opportunities, exposure to a wide variety of projects and customers, and a very friendly team environment. Our Employee Resource Groups (ERGs) offer opportunities to be a friend, be active, be a volunteer, be a leader, be recognized, and to be yourself. At Northrop Grumman, we are on the cutting edge of innovation. Our diverse portfolio of programs means there are endless paths to cultivate your career. We also offer exceptional benefits/healthcare, a 9/80 work schedule, and a great 401k matching program. Come join us! Primary Level Salary Range: $114,000.00 - $171,000.00 The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.
Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is not available for this position. What you'll do: Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations. Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments. Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology. Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement. Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management. Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements. Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties. Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded. Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included. Maintains accurate and up-to-date documentation of TPRM technology activities. Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met. Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program. What you have: Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree. 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry. 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc. Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements. Strong knowledge of cybersecurity principles and technologies. Experience working within a regulated, policy-driven environment. Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures. Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001). Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments). Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. What sets you apart: Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations. Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001. Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA. Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments. Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs. Compensation range: The salary range for this position is: $85,040.00 - $162,550.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
12/17/2025
Full time
Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is not available for this position. What you'll do: Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations. Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments. Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology. Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement. Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management. Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements. Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties. Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded. Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included. Maintains accurate and up-to-date documentation of TPRM technology activities. Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met. Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program. What you have: Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree. 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry. 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc. Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements. Strong knowledge of cybersecurity principles and technologies. Experience working within a regulated, policy-driven environment. Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures. Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001). Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments). Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. What sets you apart: Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations. Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001. Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA. Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments. Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs. Compensation range: The salary range for this position is: $85,040.00 - $162,550.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is not available for this position. What you'll do: Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations. Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments. Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology. Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement. Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management. Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements. Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties. Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded. Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included. Maintains accurate and up-to-date documentation of TPRM technology activities. Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met. Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program. What you have: Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree. 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry. 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc. Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements. Strong knowledge of cybersecurity principles and technologies. Experience working within a regulated, policy-driven environment. Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures. Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001). Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments). Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. What sets you apart: Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations. Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001. Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA. Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments. Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs. Compensation range: The salary range for this position is: $85,040.00 - $162,550.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
12/17/2025
Full time
Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity We are seeking a diligent and team-oriented Cyber Risk Management Analyst to support our Third-Party Risk Management team. In this position, you will aid in overseeing the first line's third-party technology risk management activities, contributing to the organization's cyber resilience. You will assist in the implementation of a risk-based framework to manage cybersecurity risks associated with vendors and partners, ensuring alignment with risk appetite and regulatory requirements. This role provides an excellent opportunity to learn and develop skills in third-party risk management while contributing to the organization's overall cybersecurity posture. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC or Tampa, FL. Relocation assistance is not available for this position. What you'll do: Implements and works to ensure the maintenance and continuous improvement of a comprehensive, risk-based Third-Party Risk Management (TPRM) technology framework aligns with industry best practices and regulatory expectations. Conducts independent review and challenge of the first line's identification and assessment of inherent and residual cybersecurity risks associated with third-party relationships. This includes initial and on-going review of inherent risk assessments, security questionnaires, and other technology and security assessments. Conducts independent testing of the design and operational effectiveness of controls implemented by the first line of defense and third parties related to third party systems and technology. Monitor the first line's adherence to the organization's cybersecurity policies, standards, and procedures related to third-party risk. Provide the business feedback and recommendations for improvement. Collects and analyzes key risk indicators (KRIs) and key performance indicators (KPIs) to continuously monitor the cyber risk posture of third parties. Contributes and develops reports to management. Stays abreast of evolving cybersecurity regulations and guidance related to TPRM and assist in ensuring the organization's program is aligned with requirements. Reviews and provides input and feedback to the first line's processes for responding to cybersecurity incidents involving third parties. Reviews vendor due diligence processes, ensuring that potential vendors are thoroughly vetted for cybersecurity risks before being onboarded. Reviews cybersecurity requirements in contracts with third parties, ensuring that appropriate security clauses are included. Maintains accurate and up-to-date documentation of TPRM technology activities. Monitors third-party relationships for Member complaints and levels of Member satisfaction ensuring service level agreements are being met. Identify process improvements to enhance the efficiency and effectiveness of the second line cyber and technology TPRM program. What you have: Bachelor's degree in a related field (e.g., Information Technology, Cybersecurity, Business Administration). 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree. 4 years of vendor/third-party risk management experience, in financial services, information technology, cyber security or related industry. 2 years of experience with relevant regulatory compliance, industry regulations and regulatory data sources such as Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), etc. Proficient knowledge of relevant cyber and/or technology process(es) and regulatory compliance requirements. Strong knowledge of cybersecurity principles and technologies. Experience working within a regulated, policy-driven environment. Experience with the full lifecycle of third-party relationships, including detailed tasks like invoice reconciliation and ensuring proper termination procedures. Knowledge of cybersecurity principles, technologies, and frameworks (e.g., NIST CSF, ISO 27001). Knowledge of third-party risk management methodologies and best practices (e.g., Shared Assessments). Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. What sets you apart: Demonstrated experience with technology risk dimensions, including information security principles, and relevant laws, rules, and regulations. Demonstrated knowledge of cybersecurity principles (NIST 800.53), technologies, and frameworks, specifically NIST Cybersecurity Framework and ISO 27001. Relevant certifications such as CISSP (ISC2), CISA, CRISC, or other certifications from ISACA. Experience in auditing, particularly in the context of third-party risk management, including evaluating or conducting due diligence assessments. Possesses experience using Governance, Risk, and Compliance (GRC) tools and Third-Party Risk Management (TPRM) programs. Compensation range: The salary range for this position is: $85,040.00 - $162,550.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
