As an Information Security Risk Consultant (Supplier Assurance) , you are a member of PNC's Information Security Risk and Assurance team, a part of PNC's Information Security Organization of more than one hundred security professionals. You will be part of a diversified financial services firm that reflects the needs, values and goals of our customers, employees, communities and shareholders. You will be instrumental in helping to maintain PNC's reputation for excellence in protecting customer and business information assets.You may be seated in Pittsburgh, Cleveland, or Columbus.
PNC's Information Security team provides business and technical advice on a wide variety of information security issues, concerns, and problems. The Information Security Risk Consultant (Supplier Assurance) role is a subject matter expert who participates in the assessment of security risk areas and develops approaches to improve security security best practices for protecting sensitive PNC information and information systems. Consultants are charged with gaining
widespread support of and compliance with information security requirements. In addition, you will assist in the development, implementation and enforcement of corporate-wide information security policies, guidelines and best practices.
Responsibilities within this position will involve planning, developing, and executing key elements of the PNC Third Party Supplier Security Assurance Program. This role will be specifically targeted to developing and executing security procedures to evaluate third party supplier security controls for protecting PNC information they access or maintain.
This position would ideally be located in our Pittsburgh, PA, Cleveland, OH or Columbus, OH locations. The successful candidate will have the following qualifications:
- Bachelors degree in an IT related field or equivalent experience
- 4-7 years of IT related experience
- Security Certification (CISA, CISM, CSSM, CISSP) or related security work experience a plus
- Equivalent experience would be acceptable in lieu of education
- Experience with writing business and technical documents
- Experience in successfully implementing information security program management requirements
- Experience in supplier relationship management and supplier control assessments
- Ability to collaborate well across teams / organizations
- Proficient knowledge and understanding of threats to information management and controls for information protection
- Knowledge of technology and security related issues, specifically understanding key information security and privacy regulatory requirements a plus
- Strong interpersonal and organizational skills along with analytical and problem solving skills