
Principal Information Security Risk - P179360

Riverwoods, IL 60015
Job Code: P179360

At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is as focused on its employees as it is on its customers, and which is consistently awarded for both. We're all about people and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.

The ISPO (Information Security Program Office) is seeking a Principal Analyst to strengthen our Oversight Program. This program is an integral part of governance, risk, and compliance for information security throughout Discover Financial Services. The right candidate will have strong communication, time management, and team skills as well as a deep knowledge of information security practices. One or more of the following certifications is preferred: CISSP, CRISC, CISM, CISA, GIAC.
The Principal Information Security Risk Analyst is a key position for the effective and efficient operation of the ISPO Operations and Oversight team and executes the following crucial responsibilities. Plans and leads information security risk assessments of complex IT systems to identify and assess appropriate risks against the holistic threat landscape. Presents risk assessment results to senior leadership in a clear and professional manner. Contributes to the team with innovative ideas, thought leadership, and clear feedback. Ensures risk assessment approaches, practices, and guidelines align with Discover's policies and standards as well as industry best practices.

Responsibilities
  • Organizes and conducts risk assessments in a thorough, competent, and timely manner.
  • Ensures proper planning, execution, and quality assurance of each assessment.
  • Provides strong leadership and direction to team members.
  • Provides subject matter expertise across all information security technologies.
  • Enforces DFS's security policies and standards through internally controlled oversight and self-assessments.
  • Identifies opportunities to enhance policies or standards.
  • Designs measures for risk and performance of information security controls.
  • Collaborates with all areas of IT and Cyber Security to ensure system vulnerabilities are addressed and remediated effectively and efficiently.
  • Presents assessment reports and other oversight activities at bi-weekly cross-departmental and sub-committee meetings.
  • Assists in providing direct support to staff for information security related issues and gaps.
  • Develops thorough, clear, and effective processes and procedures.
  • Advises upper management on information security issues.
  • Works closely with management to define and promote the strategic direction of the team.

Minimum Qualifications

At a minimum, here's what we need from you:

  • Bachelor's Degree in Engineering, Computer Science, Information Security/Cybersecurity, Computer Engineering, Information Technology, or related field
  • 6+ years of experience in Information Security, Management, Risk Management, or related field
  • One or more of the following certifications: CISSP, CRISC, CISM, CISA, GIAC.

Preferred Qualifications

If we had our say, we'd also look for:

  • Master's Degree in Engineering, Computer Science, Information Security/Cybersecurity, Computer Engineering, Information Technology, or related field
  • 8+ years of experience in Information Security, Management, Risk Management, or related field
  • Certifications: CISSP, CISM, CRISC, CISA, GIAC
  • Excellent documentation and presentation skills with the ability to explain information security concepts to audiences outside of the field.
  • Professional information security risk management experience.
  • In-depth knowledge/competency: information security, strategic thinking, process development, project management, relationship building and influence, talent management, communications, and inspirational leadership
  • In-depth knowledge/competency: risk management, operational security protections / technologies (e.g. endpoint security, SIEM), application security, incident response, identity and access management, network security, cloud security, threat intelligence, vulnerability management, BCP, and compliance
  • In-depth knowledge of information security standards and frameworks (COBIT, NIST CSF, NIST 800-53, ISO27001).
  • Knowledge of GLBA, SOX, PCI, NYDFS and other data privacy regulations and standards that apply to the financial industry

Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.



Categories

Industry

  • Banking / Finance
Posted: 2019-06-30 Expires: 2019-10-04

Welcome to Discover
We strive to be the leading direct bank and payments services company. Our mission is to help people spend smarter, manage debt better, and save more to achieve a brighter financial future.


Why Work with Us?
You can make an impact. Whether it’s developing corporate strategy, innovating new services or supporting IT needs, every employee has the opportunity to be a vital part of our business and make a real difference in people’s lives. It’s the heart of what we do.


 
