**There is required weekly time in one of the office locations listed****PNC will not provide sponsorship for employment visas or participate in STEM OPT for this position**The Security Analyst role is primarily responsible for engineering continuous improvement efforts in the Third-Party Security risk assessment process. The role will require an independent resource to work with stakeholders inside and outside Security to implement planned strategic programs to improve efficiencies inclusive of integration with incident response and continuous monitoring of critical third parties.The role may require coordination with internal third-party resources (Enterprise Third Party Management) as well as with the external suppliers. Specific responsibilities within this position will include:
· Independently design, develop, and engineer multiple improvement initiatives as per TPSA strategy plans following typical engineering tasks such as:
· Analyze the needs of the user
· Design, test and develop the software to meet those needs
· Recommend upgrades for existing systems and programs
· Develop separate elements of a software that work well in the program as a whole
· Create various diagrams, flowcharts and models that illustrate the type of code needed for programmers
· Ensure continued functionality of a program during maintenance and testing of software
· Document each aspect of a system or application as a reference for future upgrades and maintenance
· Revisit the development process to fix bugs or address client or consumer concerns
· Partner with other EIS teams to integrate solutions as required.
· Elevate issues, delays, obstacles as needed to keep the assessment lifecycle on track.
· Consult on defining third party security policies and best practices.
· Educate and build awareness of third-party security requirements.
· Continuously work to improve the overall third-party security assurance program.
· Assist with testing releases of the PNC TPSA platform.
· Assist with third-party assessments as needed.
· Special projects as assigned.
The ideal candidate will have the following qualifications:
REQUIRED skills:
Experience working in Third Party Risk Management.
· Experience with supporting toolsets including Sharepoint, Jira, Confluence, and Tableau.
· Expertise in Excel to manipulate/transform data for analysis, integration and reporting.
· Experience using Third Party platforms including Archer and/or KY3P.
· Must have a solid understanding of security concepts and controls and industry frameworks including NIST, FFIEC, and CRI Profile.
· Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
· Excellent project management skills, with the ability to work within deadlines, and flexibility to manage multiple competing priorities.
· Ability to work independently with little direction and/or supervision.
· Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
· Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking.
· High-level interpersonal skills.
PREFERRED skills:
· Ability to code/script to help automate and integrate solutions including but not limited to any of the following: Python, Java, Visual Basic, or Microsoft Power platform including Automate/Power BI/Workflows.
· Experience with reporting platforms like Tableau
· Experience with building APIs and services using REST, SOAP, etc.
· Experience with scripting languages like Perl, Shell, etc.
· Cloud: Knowledge of: DevSecOps environment & Security, Microservices architecture, cloud threat, Multicloud and cloud security integration.
· AI: Knowledge of AI-driven solutions, AI methodologies & models, data visualization tools and techniques, AI platforms, etc.
Job Description- Provides technical evaluation and analysis. Supports activities, process, and tools needed to improve overall security posture of the organization.
- Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation. Performs investigation and data loss prevention, data manipulation, and coordination of activities. Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls.
- Advises on more complex security procedures and products for clients, security administrators and network operations. Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
- Conducts security assessments and other information security routines consistently. Investigates and recommends corrective actions for data security related to established guidelines.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
QualificationsSuccessful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and requiredneeded to be successful in this position.
Analytical Thinking, Effective Communications, Information Assurance, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, IT Systems Management, Problem Solving, Software Security AssuranceRoles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.No Required Certification(s)No Required License(s)PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives. In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.
*For more information, please click on the following links:
California ResidentsRefer to the