PNC Security Analyst - Third Party Assessments 

United States, Pennsylvania, Taylor Township 

599291648

**PNC will not provide sponsorship for employment visas or participate in STEM OPT for this position**The Security Analyst is primarily responsible for conducting third-party security risk assessments across the PNC portfolio of technology suppliers. The role will require extensive coordination with internal third-party resources as well as with the external suppliers. In this role, you will work with third party suppliers to validate that necessary security and technology controls are in place and operationally solid. Specific responsibilities within this position will include:•Independently manage multiple assessments to completion within SLA. Assessment management includes reviewing returned Due Diligence Questionnaires, creating unique agendas for remote interviews based on controls that need further assessment, conducting remote assessment interviews, creating remediations, etc.
•Elevate issues, delays, obstacles as needed to keep the assessment lifecycle on track.
•Consult on defining third party security policies and best practices.
•Educate and build awareness of third-party security requirements.
•Continuously work to improve the overall third-party security assurance program.
•Assist with testing releases of the PNC TPSA platform.
•Special projects as assigned.The ideal candidate will have the following qualifications:REQUIRED skills:
• Bachelor's Degree and at least 3 years of directly related Third Party Risk Management experience preferred.
• Must have a solid understanding of security concepts and controls and industry frameworks including NIST, FFIEC, and CRI Profile.
• Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
• Excellent project management skills, with the ability to work within deadlines, and flexibility to manage multiple, competing priorities.
• Ability to work independently with little direction and/or supervision.
• Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at all levels within the organization.
• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking.
• High-level interpersonal skills.
• Experience with supporting toolsets including Sharepoint, Jira, Confluence, and Tableau.
Key Responsibilities:
• Perform comprehensive audits of Third Party enterprise controls, cloud infrastructure, cloud-native applications, and Cloud API / Microservices to assess compliance with security requirements and standards.
• Review cloud configurations, access controls, and security policies and procedures to ensure compliance with industry regulations (GDPR, HIPAA, PCI-DSS, SOC 2).
• Conduct interviews with Third Party SMEs to validate evidence (or compensating controls) on security foundational controls, cloud operations, and security practices.
• Prepare detailed post-assessment reports that summarize the findings and compensating controls in place.
Technical Skills:
• Strong understanding of industry best practice technical and cloud controls, including knowledge of cloud platforms (AWS, Azure, Google Cloud).
• Knowledge of cloud security architecture, controls, and compliance frameworks (SOC 2, ISO 27001, NIST, GDPR, PCI-DSS).
• Familiarity with cloud security tools (AWS Security Hub, Azure Security Center, Google Cloud Security Command Center).
• Experience in cloud audit procedures, including examining configurations, access controls, security posture, and monitoring for cloud-native applications, serverless computing, and containers (e.g., Kubernetes, Docker).
Preferred skills:
• Proficiency using Third Party assessment and continuous monitoring tools including KY3P, TruSight, Bitsight
• Proficiency in analyzing cloud provider security configurations and conducting risk assessments. Certification(s): CCSK, CCAK, CRISC, CISSPJob Description

• Provides technical evaluation and analysis. Supports activities, process, and tools needed to improve overall security posture of the organization.
• Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation. Performs investigation and data loss prevention, data manipulation, and coordination of activities. Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls.
• Advises on more complex security procedures and products for clients, security administrators and network operations. Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
• Conducts security assessments and other information security routines consistently. Investigates and recommends corrective actions for data security related to established guidelines.

PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.

Qualifications

Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and requiredneeded to be successful in this position.

Analytical Thinking, Effective Communications, Information Assurance, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, IT Systems Management, Problem Solving, Software Security AssuranceRoles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.No Required Certification(s)No Required License(s)

This position is subject to the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA) and, for any registered role, the Secure and Fair Enforcement for Mortgage Licensing Act of 2008 (SAFE Act) and/or the Financial Industry Regulatory Authority (FINRA), which prohibit the hiring of individuals with certain criminal history.

California Residents

Refer to the