Principal Cybersecurity Analyst ( Cybersecurity Risk and Control )

Discover. A brighter future.
With us, you'll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it - we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description:
What You'll Do

• We are seeking a highly skilled and experienced Cybersecurity Risk and Control Self-Assessment Expert to join our team. The ideal candidate will be responsible for conducting comprehensive risk assessments, evaluating the effectiveness of security controls, and implementing strategies to mitigate identified risks. This role requires a deep understanding of cybersecurity principles, risk management frameworks, and control assessment methodologies.
• Optimizes cybersecurity program processes and output. Contributes to the broader program roadmap. Drives reporting accuracy and demand excellence in department deliverables.
• Actively manages and escalates risk and customer-impacting issues within the day-to-day role to management.

How You'll Do It

• Conduct thorough cybersecurity risk assessments to identify potential threats and vulnerabilities within the organization's infrastructure, and application.
• Develop and implement risk management strategies to mitigate identified risks and ensure the security of information assets.
• Perform control self-assessments to evaluate the effectiveness of existing security controls and identify areas for improvement.
• Develop new risks and controls to address the security gaps.
• Collaborate with various departments to ensure that cybersecurity risks are identified, assessed, and managed in accordance with organizational policies and industry best practices.
• Develop and maintain risk assessment and control self-assessment documentation, including reports, policies, and procedures.
• Assess the effectiveness of security controls and create control effectiveness rationale.
• Provide guidance and training to staff on cybersecurity risk management and control assessment practices.
• Stay up-to-date with the latest cybersecurity trends, threats, and technologies to ensure the organization's security posture remains robust.
• Assist in the implementation of cybersecurity policies, standards, and guidelines.
• Map the organization's cybersecurity standards to the industry frameworks and its applicable controls.
• Manages and executes cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
• Maintains an awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI-DSS).
• Performs in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory and legal requirements.
• Designs metrics and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation to communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners. Proactively identifies and reports control deficiencies as issues within action plans.
• Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews
• Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
• Utilizes ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
• Documents risk assessments in Archer enterprise governance, risk and compliance tool for review by external regulators and auditors. Prepares department, committee, and board-level reports and presentation materials.
• Gathers and challenges data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.

Qualifications You'll Need
The Basics

• Bachelor's degree in information security, Information Technology, Analytics, Business Administration and Management or Project Management
• 6+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related
• In liu of education, 8+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related

Internal applicants only: technical proficiency rating of Proficient on the Dreyfus Cyber engineering scale.
Physical and Cognitive Requirements
The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable a qualified individual with disabilities to perform the essential functions of the position as required by federal, state, and local laws:
Primarily remain in a stationary position.
Primarily performed indoors in an office setting
Ability to operate office equipment such as but not limited to computer, telephone, printer, and calculator.
Ability to communicate verbally.; Ability to communicate in written form.
Travel up to 10% of the time.
Bonus Points If You Have
• Two relevant Cybersecurity certifications such as CISSP, CISM, CRISC, GIAC or equivalent.
• 10 years of experience in Cybersecurity Risk Management.
• In-depth knowledge of risk management frameworks such as NIST CSF, ISO 27001, CRI, and COBIT.
• Strong understanding of cybersecurity principles, threats, and vulnerabilities.
• Experience with security controls and their assessment methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
• Ability to manage multiple projects and priorities in a fast-paced environment.
• Proficiency in using GRC and Process Mapping tools.
• Knowledge of regulatory requirements and industry standards related to cybersecurity.
• Ability to work under pressure and manage multiple priorities.
• Experience in a similar role within a large enterprise or Financial organization.
External applicants will be required to perform a technical interview.
Discover will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States on a full-time basis.
Application Deadline:
The application window for this position is anticipated to close on Oct-27-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
Compensation:
The base pay for this position generally ranges between $103,000.00 to $174,200.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
Benefits:
We also offer a range of benefits and programs based on eligibility. These benefits include:

• Paid Parental Leave
• Paid Time Off
• 401(k) Plan
• Medical, Dental, Vision, & Health Savings Account
• STD, Life, LTD and AD&D
• Recognition Program
• Education Assistance
• Commuter Benefits
• Family Support Programs
• Employee Stock Purchase Plan

Learn more at mydiscoverbenefits.com .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights & Pay Transparency Nondiscrimination Provision)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email [email protected] . Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.