Job Title : Senior Information Security Vendor Assessor (Banking / Financial Domain)
Location : Onsite San Antonio, TX
Duration : 6-8 Months (Contract-to-Hire)
Job Description
We are seeking a seasoned Information Security Vendor Assessor with deep experience in conducting security assessments and third-party risk audits, preferably within the banking, capital markets, or broader financial sector. The ideal candidate will have proven expertise in evaluating vendor controls, driving risk mitigation, and ensuring ongoing compliance with information security, regulatory, and industry standards.
Responsibilities
Lead comprehensive security assessments and audits of third-party vendors used by the organization, with primary focus on suppliers supporting banking, capital, or financial operations.
Evaluate documentation, policies, and technical controls to verify information security posture and regulatory compliance (e.g., PCI DSS, SOX, GLBA, FFIEC, ISO 27001).
Conduct onsite and remote risk reviews, leveraging deep understanding of financial sector security threats, data privacy, and relevant regulations.
Develop, administer, and review security questionnaires; gather artifacts and support evidence-based risk evaluation of vendors.
Collaborate with internal stakeholders (CISO's office, procurement, IT, audit, legal) and vendor representatives to communicate findings and drive remediation plans.
Document results of assessments in clear, actionable reports; deliver presentations to leadership and risk committees.
Provide subject matter expertise on best practices for third-party risk management programs in regulated industries.
Track and re-assess existing vendors to ensure continued adherence to policy, regulatory, and security requirements.
Stay up to date with rapidly changing regulatory requirements, security frameworks, and threat landscapes in the financial sector.
Requirements
8+ years of experience in information security, risk assessment, or security auditing roles, with at least 3+ years specifically as a vendor assessor or in third-party risk management within banking / financial services.
Strong working knowledge of industry and regulatory frameworks such as PCI DSS, FFIEC, GLBA, SOX, ISO 27001, NIST, and relevant banking regulations.
Proven background in conducting technical reviews, interviews, and control testing with vendors and service providers.
Prior experience leading or executing audits and compliance assessments (internal / external); QSA, CISA, CISSP or similar certifications highly desirable.
Excellent analytical, documentation, and stakeholder communication skills.
Ability to manage multiple concurrent assessments and work with cross-functional teams under tight deadlines.
Bachelor's degree in Information Security, Computer Science, or related field; Master's preferred.
Information Security • San Antonio, TX, United States