Expert Vulnerability Analyst ( Third Party Vendor Risk Management )

$126,500 - $177,300/Yr

Discover Financial Services - Deerfield, IL

posted 5 months ago

Full-time - Senior
Remote - Deerfield, IL
Credit Intermediation and Related Activities

About the position

At Discover, be part of a culture where diversity, teamwork, and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We're all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career. As an Expert Vulnerability Analyst, you will drive DFS Cybersecurity strategic Compliance/Vulnerability management decisions. You will have oversight over Compliance/Vulnerability management roadmaps. You will consult on resilient support for next-generation systems to solve business challenges and enhance the control environment for executive decision-making. You are recognized outside of Discover as a thought leader. Actively managing and escalating risk and customer-impacting issues within the day-to-day role to management is a key part of your responsibilities. In a lead role, this is an excellent opportunity to practice your third-party cybersecurity risk program expertise and simultaneously grow as a leader. You will act as an advisor to upper management in Cybersecurity matters, providing guidance to Cybersecurity architects in the design and development of security solutions. You will direct security solutions and technical assurance in alignment with business risk and regulatory requirements, working closely with management to define and promote the strategic direction of the team. Your role will involve developing cyber solutions, internal processes, and standards for threat intelligence workflow, ensuring compliance with audit, regulatory, and legal requirements.

Responsibilities

  • Acts as advisor to upper management in Cybersecurity matters.
  • Provides guidance to Cybersecurity architects in the design and development of security solutions.
  • Directs security solutions and technical assurance in alignment with business risk and regulatory requirements.
  • Works closely with management to define and promote the strategic direction of the team.
  • Develops cyber solutions, internal processes, and standards for threat intelligence workflow.
  • Articulates defensive security measures, defines new security requirements, and develops mitigation techniques to maximize protection and preservation of the Brand.
  • Advises leadership on the entire range of risk matters facing the department and ensures the mitigation of operational risk.
  • Ensures compliance to audit, regulatory and legal requirements.
  • Designs metrics models and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication and non-repudiation.
  • Develops unique cybersecurity performance and risk indicators to maintain constant awareness of status of the highly dynamic operating environment.
  • Mentors and provides leadership to the team ensuring assessments products are risk-based, accurate and meet the enterprise governance/service level agreement requirements.
  • Provides expert level guidance and coaching for complex vendor assessments managing the risk appropriately.
  • Demonstrates strong understanding of Third Party Risk Management (TPRM) program and associated governance oversight including Issues management.
  • Continuously partners to enhance the TPRM Subject Matter Expert (SME) program to perform comprehensive security assessments of third-party vendors to identify risks and vulnerabilities.
  • Reports the SME program Key Risk Indicator metrics to senior management.
  • Demonstrates ability to analyze ISO 27001, SOC 2, SIG, and familiarity with security frameworks such as NIST 800-53, CSF, financial services related regulatory guidance/laws such as GLBA, FFIEC and international regulations such as GDPR.
  • Collaborates closely with key stakeholders including internal business partners, second line, auditors, risk officers and vendors as the lead subject matter expert.
  • Manages the life cycle of cyber findings/Issues and liaises with stakeholders for permanent remediation.
  • Assists in the review and maintenance of TPRM governance Standard documentation related to the program.
  • Liaises with Business Information Security Office (BISO) team to optimize workload delivery.
  • Actively monitors and escalates risk and customer-impacting issues within the day-to-day role of management.
  • Demonstrates excellent value-added communication and technical writing skills.
  • Advances knowledge/seeks training in the field of information security management including the emerging threat actors' techniques, tactics, and procedures (TTP).
  • Communicates effectively and promptly every day and leads vendor risk discussions at Discover.

Requirements

  • Expertise in Cybersecurity and Vulnerability Management.
  • Strong understanding of Third Party Risk Management (TPRM) programs.
  • Experience with ISO 27001, SOC 2, SIG, and security frameworks such as NIST 800-53, CSF.
  • Familiarity with financial services regulatory guidance/laws such as GLBA, FFIEC, and international regulations such as GDPR.
  • Proven ability to analyze and develop metrics models for cybersecurity performance and risk indicators.
  • Excellent communication and technical writing skills.
  • Experience in mentoring and providing leadership to teams.

Nice-to-haves

  • Experience in a lead role within a cybersecurity team.
  • Familiarity with advanced cybersecurity threat intelligence workflows.
  • Experience in conducting vendor assessments and managing associated risks.

Benefits

  • Work from home option available.
  • Competitive salary range between $103,000 and $174,000 per year.
  • Employee-focused culture with a commitment to diversity and teamwork.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service