It's fun to work in a company where people truly BELIEVE in what they're doing!
Job Summary
The Advisor, Information Security is responsible for consulting as part of Card Services Information Security regarding security related aspects of business initiatives, projects, applications, databases, and other system environments across the various lines of business. This person is expected to champion processes and technology as a subject matter expert in various areas. This position works closely with teams across the organization to help provide superior protection to Card Services information assets.
Job Description
Essential Job Functions
Cyber and GCC Risk Assessment and Advisement - Provide cyber and general computing control risk assessment and advisory services to business and IT constituents related to new development efforts, significant changes to IT systems and infrastructure, and IT vulnerability management. Produce risk assessment and advisory reporting to ensure risks are adequately recorded and tracked to resolution, acceptance, or transference. Monitor the cyber landscape for emerging threats and their potential impact (risk) to the organization using threat modeling analysis tools and resources. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed.
Cyber Security Tooling and Processes – Possess intermediate knowledge of company Cyber Security Tools and affiliated operational processes. Utilize knowledge when advising to determine residual risk of identified threats or control weaknesses. Champion the use of Cyber Security Tooling through education and awareness of constituents.
Regulatory Requirements and Control Frameworks – Foundational knowledge of regulatory bodies and corresponding compliance requirements including, but not limited to: PCI-DSS, SOX, GLBA, CCPA, GDPR. Intermediate knowledge of control frameworks including, but not limited to: FFIEC Examination Handbooks, NIST 800-53, ISO 27001. Foundational knowledge of Cyber Security Maturity Frameworks such as NIST-CSF and FFIEC Cyber Assessment Tool.
General Information Technology – Intermediate to advanced knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling.
Metrics and Presentation Skills – Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Intermediate to expert English writing skills expected.
Human Relations – Ability to defuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break them down into layman's terms or analogies that help with others' understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as credible, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members.
Reports to: Manager, Information Security
Working Conditions/Physical Requirements: General office environment
Direct Reports: None
High school diploma or equivalent education
Four or more years in Information Security, IT Audit, Risk Management
One or more field related professional technical certifications (CISSP, CISA, CISM, Security+)
Bachelor's Degree or equivalent experience in Computer Science, Networking or Information Technology
Certifications: One or more field related professional technical certifications (CISSP, CISA, CISM, Security+)
About Bread Financial
At Bread Financial, you’ll have the opportunity to grow your career, give back to your community, and be a part of our award-winning culture. We’ve been consistently recognized as a best place to work in many markets and we’re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled—both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression.
Bread Financial is a tech-forward financial services company providing simple, personalized payment, lending and saving solutions. The company creates opportunities for its customers and partners through digitally-enabled choices that offer ease, empowerment, financial flexibility and exceptional customer experiences. Driven by a digital-first approach, data insights and white-label technology, Bread Financial delivers growth for its partners through a comprehensive product suite, including private label and co-brand credit cards, installment lending, and buy now, pay later (BNPL). Bread Financial also offers direct-to-consumer solutions that give customers more access, choice and freedom through its branded Bread Cashback™ American Express® Credit Card and Bread Savings™ products.
Formerly Alliance Data, Bread Financial is an S&P MidCap 400 company headquartered in Columbus, Ohio, and committed to sustainable business practices powered by its 6,000+ global associates.
- Bread Financial offers competitive pay, a comprehensive selection of benefit options including 401(k).
- The Company is an Equal Opportunity Employer.
- Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for the Company.
- The Company participates in E-Verify.
- The Company will consider for employment all qualified applicants, including those with a criminal history, in a manner consistent with the requirements of all applicable federal, state, and local laws, including the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act. Applicants with criminal histories are encouraged to apply.
- The Company complies with the Americans with Disabilities Act (ADA), as amended, and all applicable state/local laws. The Company will provide accommodations to applicants needing accommodations to complete the application process. Applicants with disabilities may contact the Company to request and arrange for accommodations. If you need assistance to accommodate a disability, you may request an accommodation at any time. Please contact the Recruiting Team at [email protected]
Disclosure of COVID-19 vaccination status will be required after acceptance of a conditional offer of employment except where prohibited by applicable law. Starting January 2022 and to the extent allowed by applicable law, the Company will require all associates who will be on-site or who will travel or interact with others in person as part of their job duties to either be fully vaccinated against COVID-19 or undergo at least weekly testing. The Company is an equal opportunity employer and will consider reasonable accommodations where required by applicable law.
Job Family: Information Technology