This position is technical and analytical in nature and calls for a fast learner with a history of technical and business experience. The ideal candidate will have strong organizational skills and the ability to manage a diverse workload in a fast-paced environment. Responsibilities include information security risk analytics, reporting, change management process and technical implementation for the Information Security Strategy Team. This role focuses on applying risk management principles to solve complex business issues involving advanced analysis and reporting of data that inform business decisions through the development of information security risk scenarios leveraging internal, external and systemic inputs. The individual contributor will evaluate business issues with the intent of delivering traditional-to-advanced solutions to teammates/clients by gathering and analyzing security and operational intelligence from various sources. This role partners with various information and cyber security teams to identify control opportunities across different functional business areas of the enterprise.
Duties and responsibilities:
- The Sr. Analyst of the Information Security Analytics team interacts enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff.
- Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working with and through business leaders and information security risk architecture.
- Conduct comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis.
- Responsible for advancing the enterprise-wide information security risk function to create a union of business risk and information security risk.
- Promote a risk-aware culture and ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
- Knowledge of national and international regulatory compliance and INFOSEC frameworks such as NIST CSF
* Financially astute, with a keen understanding of cost drivers
* Able to develop appropriate methodologies, but willing to roll up sleeves and drive execution and implementation
* Team orientated and will promote execution and change through influence
* Experience translating information security risk into business terms
Bachelor's Degree or Equivalent Experience (Preferred Field of Study in Computer Science or Business)
Required Certification:
- CISM or willingness to obtain
Years of Experience:
- Min Years: 4 years
- Preferred Years: 6 years
- CRISC or CISSP Certifications
* Deep knowledge of information security risk's effect on business
* Understanding of return on security investment
* Ability to interpret threats and vulnerabilities in technology assets and formulate a holistic approach to forecasting risk
* Familiarity with recommending and designing information security controls to mitigate threats and vulnerabilities
* Understanding of end-to-end risk management principles and how to implement across multiple business units
* Experience with GRC tools, including Archer and ServiceNow
* Knowledge of threat and vulnerability detection tools
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
A little about us:
Discover is one of the most recognized brands in U.S. financial services. We’re a direct banking and payment services company built on a legacy of innovation and customer service.