Cybersecurity Third Party Senior Analyst

Job Type: Regular Language Fluency: English (Required) Work Shift: 1st shift (United States of America) Job Description The role focuses on technical risk assessment of supplier connectivity. The analyst evaluates how vendors connect, what they can access, and the business risk introduced. They drive process improvements, develop risk attribution methods, and refine governance for vendor access and connectivity. The analyst also works with the continuous monitoring team to develop threat models, detection strategies, and monitoring capabilities that identify and reduce external and supply‑chain related threats. The position is fully onsite in Atlanta, GA. All teammates are expected to be in the office five days a week. Responsibilities Evaluate and manage risks introduced by vendor connectivity, including vendor cloud integrations, VPN and network access, application‑to‑application connections, and API data exchange pathways. Conduct technical risk assessments of VPN access, cloud integrations, API connections, and SaaS apps. Assess authentication, authorization, network segmentation and trust boundaries. Identify excessive access, weak authentication, insecure patterns, and single points of failure. Maintain consistent classification of high‑risk integrations and critical vendor access. Review, approve or deny new vendor connection requests and modifications, partnering with business and engineering teams to recommend safer patterns and compensating controls. Advise procurement, vendor risk, application and cloud teams on technical risks; translate findings into business risk statements and remediation actions. Support contractual security requirements and risk‑acceptance documentation. Refine vendor risk processes to move beyond questionnaires, provide risk‑based guidance, introduce architecture‑based risk reviews, define secure integration patterns, risk thresholds and escalation criteria. Validate network, IAM and monitoring controls for vendor connections; partner with SOC and detection engineering to ensure monitoring of high‑risk connections. Coordinate with third‑party risk management, incident response and infrastructure teams to validate threats, contain incidents and recommend remediation. Monitor external threat intelligence and vendor security events to assess potential organizational impact; identify and document abuse cases and attack paths involving external parties and publicly exposed assets. Required Qualifications Bachelor’s degree in Computer Science or related field, or equivalent education and training. Eight years of experience in Cybersecurity or related work. Broad knowledge of general IT with mastery of operating systems, networking, computer programming, web development or database administration. Advanced knowledge of cybersecurity operations, including attack surface management, SOC operations, IDS/IPS, SIEM, threats (APT, insider), vulnerabilities, exploits, incident response, investigations and remediation. Experience with automated threat intelligence sharing protocols (STIX, TAXII) and advanced knowledge of processes to research, analyze and disseminate threat intelligence. Ability to lead and persuade individuals and large teams on ideas, concepts and opportunities. Preferred Qualifications Master’s degree or MBA with seven years or equivalent experience in Information Security banking and frameworks, best practices and regulatory requirements. Experience conducting, preparing and presenting analysis, findings and recommendations. Bachelor’s degree in business administration or technology related field, or equivalent education. Excellent ability to express complex multidisciplinary technical and business concepts to all levels of LOB and corporate management both verbally and in writing. Experience in security architecture reviews, third‑party/vendor risk and threat modeling. Ability to read diagrams, detect weak trust boundaries, challenge unsafe designs diplomatically and build repeatable processes. Strong understanding of cloud architectures (AWS, Azure, GCP), VPN, IAM, OAuth, API security and SaaS integrations. Cyber security certifications such as CISA, CISSP. Other technical certifications (CCNA, RHCE, MCSE, etc.). Benefits All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, which may include medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax‑preferred savings accounts and a 401(k) plan. Regular teammates also receive not less than 10 days of vacation (pro‑rated) and 10 sick days (pro‑rated), plus paid holidays. Depending on the position and division, additional benefits such as a defined benefit pension plan, restricted stock units, or a deferred compensation plan may be available. Equal Opportunity Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other protected classifications. Truist is a Drug Free Workplace. EEO is the Law. E‑Verify IER Right to Work. #J-18808-Ljbffr Truist