1+ months

Lead Cybersecurity Analyst - P121851_S1

Riverwoods, IL 60015
  • Job Code
\u003Cp\u003E At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. \u003Cstrong\u003E We\u0027re all about people, and our employees are why Discover \u003C/strong\u003E is \u003Cstrong\u003E a great place to work. \u003C/strong\u003EBe the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career. \u003C/p\u003E\u003Cp\u003E As part of the Cybersecurity Assurance Organization, you will be responsible for all facets of the Assurance \u0026 Compliance assessment processes, including Payment Card Industry (PCI) Data Security Standard (DSS). These annual assessment processes are used to provide assurance to business \u0026 network partners that the technologies which comprise Payment Services\u0027 card payment processing environment, Card, Loans etc have been secured in accordance with current data security standards. This person must be able to understand security standards and interpret their applicability to technologies and systems at Discover, and able to assess applications or technologies identifying gaps and potential threat. This person must be a strong communicator and comfortable collaborating with all levels of management as well as the business, infrastructure, engineering, architecture, security, operations and application teams. \u003C/p\u003E\u003Cp\u003E\u003Cstrong\u003EResponsibilities\u003C/strong\u003E\u003C/p\u003E\u003Cul\u003E\u003Cli\u003ELead security assessments of applications and/or technologies, to identify gaps and potential threat.\u003C/li\u003E\u003Cli\u003EFacilitate assessments meetings between external assessors and Business Technology teams (Application Development, Infrastructure, Cybersecurity, etc.).\u003C/li\u003E\u003Cli\u003ECommunicate non-compliant gaps to impacted technology teams.\u003C/li\u003E\u003Cli\u003ECollect and maintain documentation that supports compliance requirements.\u003C/li\u003E\u003Cli\u003EOversee and track remediation efforts of identified gaps to completion.\u003C/li\u003E\u003Cli\u003EEnsure new, in-scope applications are deployed in a compliant manner.\u003C/li\u003E\u003Cli\u003EAct as subject matter expert for business technology and business partners for security compliance related matters. Provide security compliance consulting services as needed.\u003C/li\u003E\u003Cli\u003ELiaison between Business Technology teams and external assessors.\u003C/li\u003E\u003Cli\u003EMaintain accurate information in the teams tracking tools, and support departmental metrics and KRI reporting.\u003C/li\u003E\u003Cli\u003ECommunicate monthly program status to business partners.\u003C/li\u003E\u003Cli\u003EParticipate in initiatives to enhance and/or evolve Compliance programs.\u003C/li\u003E\u003Cli\u003EPerform review / quality control activities on reports from compliance programs.\u003C/li\u003E\u003Cli\u003EMaintain PCI Information Security Auditor (ISA) certification on annual basis.\u003C/li\u003E\u003Cli\u003ELeverage security expertise to contribute to program enhancement and continuous improvement efforts, and other team activities.\u003C/li\u003E\u003Cli\u003EIdentify areas that can be automated and streamlined and develop new processes to make processes more efficient.\u003C/li\u003E\u003Cli\u003EPromote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.\u003C/li\u003E\u003Cli\u003EIdentifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription-threat intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and take appropriate action to report each incident, as required. Analyzes the organization\u0027s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.\u003C/li\u003E\u003Cli\u003EPerforms in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.\u003C/li\u003E\u003Cli\u003EMaintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.\u003C/li\u003E\u003Cli\u003EDevelops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives, and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.\u003C/li\u003E\u003C/ul\u003E \u003C/p\u003E\u003Cp\u003E \u003Cp\u003E\u003Cstrong\u003EMinimum Qualifications\u003C/strong\u003E\u003C/p\u003E\u003Cp\u003E\u003Cstrong\u003EAt a minimum, here\u0027s what we need from you:\u003C/strong\u003E\u003C/p\u003E\u003Cul\u003E\u003Cli\u003EBachelor\u0027s Degree in Information Security, Computer Science, Business Administration, Data Analytics, or related field\u003C/li\u003E\u003Cli\u003E4\u002B years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field\u003C/li\u003E\u003Cli\u003EIn lieu of a degree, 6\u002B years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field\u003C/li\u003E\u003C/ul\u003E \u003C/p\u003E\u003Cp\u003E \u003Cul\u003E\u003Cli\u003E5\u002B years\u0027 experience in information security or technology audit, preferably in Financial Services.\u003C/li\u003E\u003Cli\u003EPrior experience of security assessments of systems, applications at any level is a plus.\u003C/li\u003E\u003Cli\u003EKnowledge of IS Risk Frameworks and Standards (PCI-DSS, NIST 800-53, ISO 27000 series, NIST Cybersecurity Framework).\u003C/li\u003E\u003Cli\u003EFamiliar with most technology infrastructure components (Unix/Linux, Windows, Middleware, Mainframe, Storage, Networking, etc.).\u003C/li\u003E\u003Cli\u003EFamiliarity with Data Warehouse technologies and processes (Teradata, Hadoop, Data Services).\u003C/li\u003E\u003Cli\u003EHave excellent communication skills and be able to articulate complicated situations in a precise and concise manner.\u003C/li\u003E\u003Cli\u003EAbility to manage own workload with low supervision, and looking for opportunities to improve.\u003C/li\u003E\u003Cli\u003EAbility to manage multiple tasks simultaneously without compromising on quality.\u003C/li\u003E\u003Cli\u003EStrong project management skills with the ability to recognize obstacles that may derail progress and take the necessary steps to eliminate those obstacles and/or escalate appropriately.\u003C/li\u003E\u003Cli\u003EDesired - at least one Professional Security Certification such as CISA, CRISC, CISSP, CISM or GIAC.\u003C/li\u003E\u003C/ul\u003E\u003Cp\u003E #LI-LJ1\u003C/p\u003E \u003C/p\u003E \u003Cp\u003E The same way we treat our employees is how we treat all applicants - with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity \u0026 inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover. \u003C/p\u003E \u003Cbr\u003E\u003Cbr\u003E



  • Banking / Finance
Posted: 2019-09-11 Expires: 2019-12-12

Welcome to Discover
We strive to be the leading direct bank and payments services company. Our mission is to help people spend smarter, manage debt better, and save more to achieve a brighter financial future.

Why Work with Us?
You can make an impact. Whether it’s developing corporate strategy, innovating new services or supporting IT needs, every employee has the opportunity to be a vital part of our business and make a real difference in people’s lives. It’s the heart of what we do.


Employment Trends

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Lead Cybersecurity Analyst - P121851_S1

Riverwoods, IL 60015

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast