Discover Financial Services, Inc.

Principal Cybersecurity Analyst (Cybersecurity Risk and Control)

Discover Financial Services, Inc., Chicago, Illinois, United States



With us, you’ll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it — we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.

Come build your future while being the reason millions of people find a brighter financial future with Discover.

Job Description:

What You’ll Do

We are seeking a highly skilled and experienced Cybersecurity Risk and Control Self-Assessment Expert to join our team. The ideal candidate will be responsible for conducting comprehensive risk assessments, evaluating the effectiveness of security controls, and implementing strategies to mitigate identified risks. This role requires a deep understanding of cybersecurity principles, risk management frameworks, and control assessment methodologies.

Optimizes cybersecurity program processes and output. Contributes to the broader program roadmap. Drives reporting accuracy and demands excellence in department deliverables.

Actively manages and escalates risk and customer-impacting issues within the day-to-day role to management.

How You’ll Do It

- Conduct thorough cybersecurity risk assessments to identify potential threats and vulnerabilities within the organization’s infrastructure and applications.
- Develop and implement risk management strategies to mitigate identified risks and ensure the security of information assets.
- Perform control self-assessments to evaluate the effectiveness of existing security controls and identify areas for improvement.
- Develop new risks and controls to address the security gaps.
- Collaborate with various departments to ensure that cybersecurity risks are identified, assessed, and managed in accordance with organizational policies and industry best practices.
- Develop and maintain risk assessment and control self-assessment documentation, including reports, policies, and procedures.
- Assess the effectiveness of security controls and create control effectiveness rationale.
- Provide guidance and training to staff on cybersecurity risk management and control assessment practices.
- Stay up-to-date with the latest cybersecurity trends, threats, and technologies to ensure the organization’s security posture remains robust.
- Assist in the implementation of cybersecurity policies, standards, and guidelines.
- Map the organization's cybersecurity standards to the industry frameworks and its applicable controls.
- Manage and execute cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
- Maintain an awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI-DSS).
- Perform in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory, and legal requirements.
- Design metrics and develop advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation to communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners.
- Proactively identify and report control deficiencies as issues within action plans.
- Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
- Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
- Utilize ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
- Document risk assessments in Archer enterprise governance, risk, and compliance tool for review by external regulators and auditors.
- Prepare department, committee, and board-level reports and presentation materials.
- Gather and challenge data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.

Qualifications You’ll Need

The Basics

- Bachelor’s degree in Information Security, Information Technology, Analytics, Business Administration and Management, or Project Management.
- 6+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management, or related.
- In lieu of education, 8+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management, or related.
- Internal applicants only: technical proficiency rating of Proficient on the Dreyfus Cyber engineering scale.

Physical and Cognitive Requirements

The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable a qualified individual with disabilities to perform the essential functions of the position as required by federal, state, and local laws:

- Primarily remain in a stationary position.
- Primarily performed indoors in an office setting.
- Ability to operate office equipment such as but not limited to computer, telephone, printer, and calculator.
- Ability to communicate verbally; ability to communicate in written form.
- Travel up to 10% of the time.

Bonus Points If You Have

- Two relevant Cybersecurity certifications such as CISSP, CISM, CRISC, GIAC, or equivalent.
- 10 years of experience in Cybersecurity Risk Management.
- In-depth knowledge of risk management frameworks such as NIST CSF, ISO 27001, CRI, and COBIT.
- Strong understanding of cybersecurity principles, threats, and vulnerabilities.
- Experience with security controls and their assessment methodologies.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
- Ability to manage multiple projects and priorities in a fast-paced environment.
- Proficiency in using GRC and Process Mapping tools.
- Knowledge of regulatory requirements and industry standards related to cybersecurity.
- Ability to work under pressure and manage multiple priorities.
- Experience in a similar role within a large enterprise or financial organization.

External applicants will be required to perform a technical interview.

Discover will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States on a full-time basis.

Application Deadline: The application window for this position is anticipated to close on Oct-27-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
