Discover Financial Services · 2 days ago
Principal Cybersecurity Analyst ( Cybersecurity Risk and Control )
United States
Full-time
Remote
Senior Level
6+ years exp
Maximize your interview chancesBankingCredit
No H1B
Hiring Manager
Gary Naranjo
Insider Connection @Discover Financial Services
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Implement and oversee the Cybersecurity RCSA program, including the annual attestation, process management, and reporting.
Serve as a 1st Line of Defense RCSA SME, supporting proper identification of Cybersecurity risks and establishing adequate control environment
Conduct thorough cybersecurity risk assessments to identify potential threats and vulnerabilities within the organization’s infrastructure, and application.
Develop and implement risk management strategies to mitigate identified risks and ensure the security of information assets.
Perform control self-assessments to evaluate the effectiveness of existing security controls and identify areas for improvement.
Develop new risks and controls to address the security gaps.
Collaborate with various departments to ensure that cybersecurity risks are identified, assessed, and managed in accordance with organizational policies and industry best practices.
Develop and maintain risk assessment and control self-assessment documentation, including reports, policies, and procedures.
Assess the effectiveness of security controls and create control effectiveness rationale.
Provide guidance and training to staff on cybersecurity risk management and control assessment practices.
Stay up-to-date with the latest cybersecurity trends, threats, and technologies to ensure the organization’s security posture remains robust.
Assist in the implementation of cybersecurity policies, standards, and guidelines.
Map the organization's cybersecurity standards to the industry frameworks and its applicable controls.
Manages and executes cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
Maintains an awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI-DSS).
Performs in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory and legal requirements.
Designs metrics and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation to communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners. Proactively identifies and reports control deficiencies as issues within action plans.
Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
Utilizes ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
Documents risk assessments in Archer enterprise governance, risk and compliance tool for review by external regulators and auditors. Prepares department, committee, and board-level reports and presentation materials.
Gathers and challenges data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Bachelor’s degree in information security, Information Technology, Analytics, Business Administration and Management or Project Management
6+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related
In lieu of education, 8+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related
Internal applicants only: technical proficiency rating of Proficient on the Dreyfus Cyber engineering scale.
Preferred
Two relevant Cybersecurity certifications such as CISSP, CISM, CRISC, GIAC or equivalent.
10 years of experience in Cybersecurity Risk Management.
In-depth knowledge of risk management frameworks such as NIST CSF, ISO 27001, CRI, and COBIT.
Strong understanding of cybersecurity principles, threats, and vulnerabilities.
Experience with security controls and their assessment methodologies.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
Ability to manage multiple projects and priorities in a fast-paced environment.
Proficiency in using GRC and Process Mapping tools.
Knowledge of regulatory requirements and industry standards related to cybersecurity.
Ability to work under pressure and manage multiple priorities.
Experience in a similar role within a large enterprise or Financial organization.
Company
Discover Financial Services
We are Discover. As one of the most recognized brands in U.S.
10,001+ employees
Funding
Current Stage
Public CompanyTotal Funding
unknown2024-02-19Acquired· undefined
2007-06-22IPO· undefined
Leadership Team
Michael G. Rhodes
CEO
Roger C. Hochschild
President and Chief Operating Officer
Recent News
Payments Dive
2024-10-25
bloomberglaw.com
2024-10-23
Company data provided by crunchbase
