Discover Financial Services - Riverwoods, IL

posted 4 days ago

Full-time - Mid Level
Riverwoods, IL
Credit Intermediation and Related Activities

About the position

The Cybersecurity Risk and Control Self-Assessment Expert will conduct comprehensive risk assessments, evaluate security controls, and implement strategies to mitigate risks within Discover's digital banking and payments infrastructure. This role is crucial for optimizing cybersecurity processes and ensuring the organization's security posture remains robust against emerging threats.

Responsibilities

  • Conduct thorough cybersecurity risk assessments to identify potential threats and vulnerabilities within the organization's infrastructure and applications.
  • Develop and implement risk management strategies to mitigate identified risks and ensure the security of information assets.
  • Perform control self-assessments to evaluate the effectiveness of existing security controls and identify areas for improvement.
  • Define new risks and associated controls to address identified security gaps.
  • Collaborate with various departments to ensure cybersecurity risks are identified, assessed, and managed according to organizational policies and industry best practices.
  • Develop and maintain risk assessment and control self-assessment documentation, including reports, policies, and procedures.
  • Assess the effectiveness of security controls and create control effectiveness rationale.
  • Provide guidance and training to staff on cybersecurity risk management and control assessment practices.
  • Stay up-to-date with the latest cybersecurity trends, threats, and technologies to ensure the organization's security posture remains robust.
  • Assist in the implementation of cybersecurity policies, standards, and guidelines.
  • Map the organization's cybersecurity standards to industry frameworks and applicable controls.
  • Manage and execute cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
  • Maintain awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI-DSS).
  • Perform in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory, and legal requirements.
  • Design metrics and develop advanced capabilities covering confidentiality, integrity, availability, authentication, and non-repudiation, and communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners.
  • Proactively identify and report control deficiencies as issues within action plans.
  • Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
  • Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
  • Utilize ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
  • Document risk assessments in the Archer enterprise governance, risk, and compliance (GRC) tool for review by external regulators and auditors.
  • Prepare department, committee, and board-level reports and presentation materials.
  • Gather and challenge data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.

Requirements

  • Bachelor's degree in Information Security, Information Technology, Analytics, Business Administration and Management, or Project Management.
  • 6+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management, or related fields.
  • In lieu of education, 8+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management, or related fields.
  • Technical proficiency rating of Proficient on the Dreyfus Cyber engineering scale for internal applicants.

Nice-to-haves

  • Two relevant Cybersecurity certifications such as CISSP, CISM, CRISC, GIAC or equivalent.
  • 10 years of experience in Cybersecurity Risk Management.
  • In-depth knowledge of risk management frameworks such as NIST CSF, ISO 27001, CRI, and COBIT.
  • Strong understanding of cybersecurity principles, threats, and vulnerabilities.
  • Experience with security controls and their assessment methodologies.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
  • Ability to manage multiple projects and priorities in a fast-paced environment.
  • Proficiency in using GRC and Process Mapping tools.
  • Knowledge of regulatory requirements and industry standards related to cybersecurity.
  • Ability to work under pressure and manage multiple priorities.
  • Experience in a similar role within a large enterprise or Financial organization.

Benefits

  • Paid Parental Leave
  • Paid Time Off
  • 401(k) Plan
  • Medical, Dental, Vision, & Health Savings Account
  • STD, Life, LTD and AD&D
  • Recognition Program
  • Education Assistance
  • Commuter Benefits
  • Family Support Programs
  • Employee Stock Purchase Plan