Sr. Third Party Security Consultant

Location: For Those Who Work At Home - Various, Ohio 44145 Job Profile Summary Use skills, experience and talent to help Key grow an effective information security program by analyzing, assessing, and helping mitigate security issues. Applicant will develop and maintain cybersecurity/third party security plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance. Applicant must have an excellent technical background across a wide range of security disciplines and solutions and must have excellent presentation, writing, communication, and customer interface skills. Essential job Functions Abilities: Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. Develop, update, and/or maintain standard operating procedures (SOPs). Third party security experience in financial service industry. Knowledge of: Computer networking concepts and protocols, and network security methodologies. Risk management processes (e.g., methods for assessing and mitigating risk). Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and privacy principles. Cyber threats and vulnerabilities. Skills: Negotiating vendor agreements and evaluating vendor privacy practices. Communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). Tasks: Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture. Conduct cyber risk analysis in decision-making process. Interpret and apply laws, regulations, policies, standards, or procedures to specific issues. Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions. Present technical information to technical and nontechnical audiences. Collaborate on cyber privacy and security policies and procedures Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation Review all system-related information security plans to ensure alignment between security and privacy practices Develop and manage procedures for vetting and auditing vendors for compliance with the privacy and data security policies and legal requirements Act as, or work with, counsel relating to business partner contracts Manage privacy incidents and breaches in conjunction with the Privacy Officer, Chief Information Security Officer, legal counsel and the business units Required Qualifications Bachelor’s degree or equivalent work experience (Cybersecurity or Computer Science major preferred). Professional security certification desired (CISSP, CISM, CISA, etc.). Basic understanding of security threats and knowledge of financial industry. Strong risk-based analysis and decision-making skills. Proven ability to identify and implement process improvement opportunities. Results oriented, a team player, and self-starter with ability to work with general direction. Ability to manage competing priorities. KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category. Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.