The Consultant of Information Security Risk Modeling will assist in the development and testing of information security risk models to solve information security risk problems that directly affect business units. This role will design the framework and methodology for testing the efficacy of information security technical controls to ensure the accuracy of the data fed into the models. The Consultant is expected to participate in moderate to highly complex projects as they pertain to the organization's long-term information security strategy.
Duties and responsibilities:
- Strong knowledge and understanding of network architecture, application design, systems engineering and integration to assess security controls
- Manage the testing of internal controls related to existing or emerging technologies to identify quality of the control and determine efficacy using risk models that incorporate principles of probabilistic forecasting as well as Bayesian analytics. Understand and articulate the underlying approach and methodology in risk models in order to convey due diligence throughout the modeling process
- Provide consultative advice to information security systems engineers and development teams that enable them to make informed risk management decisions that will affect the outcome of business processes
- Assist in development of communication and presentation materials for senior and executive leadership
- Promote a risk-aware culture and ensure efficient and effective risk and compliance management practices by adhering to required standards and processes
Skills/Education/Experience required:
- Bachelor's Degree or equivalent experience
- 4 years of experience
- Background in system engineering and information security in a large enterprise.
- Familiar with advanced mathematical and statistical concepts.
- Willingness to obtain advanced certification within 2 yrs of acceptance
- Knowledge of software development concepts and methodologies
- Knowledge of information security/cybersecurity engineering from cyber defense/technical security controls perspective
- Able to develop appropriate methodologies, but willing to roll up sleeves and drive execution and implementation
- Team orientated and will promote execution and change through influence
- Master's Degree or equivalent experience
- Preferred Field of Study: Computer Science, Management of Information Systems, and Business & Statistics
- 6 years of experience
- CISSP or CISM
- Deep knowledge of the effect of information security risks on business.
- Understanding of return on security investment
- Ability to interpret threats and vulnerabilities in technology assets and formulate a holistic approach to forecasting risk
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
A little about us:
Discover is one of the most recognized brands in U.S. financial services. We’re a direct banking and payment services company built on a legacy of innovation and customer service.