Lead Analyst – Cybersecurity Assurance & Compliance
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As part of the Cybersecurity Assurance & Compliance Organization, you will be responsible for all facets of the Assurance & Compliance assessment processes, including Payment Card Industry (PCI) Data Security Standard (DSS). These annual assessment processes are used to provide assurance to business & network partners that the technologies which comprise Payment Services’ card payment processing environment, Card, Loans etc have been secured in accordance with current data security standards. This person is expected, when necessary, to assess applications or technologies identifying gaps and potential threat. This person must be a strong communicator and comfortable collaborating with all levels of management as well as the business, infrastructure, engineering, architecture, operations and application teams.
- Lead security assessments of applications and/or technologies, when necessary, to identify gaps and potential threat.
- Facilitate assessments meetings between external assessors and Business Technology teams (Application Development, Infrastructure, Cybersecurity, etc.).
- Communication of non-compliant gaps to impacted technology teams.
- Collecting artifacts / evidence which supports compliance requirements, including PCI. Packaging and delivery of artifacts to external assessors.
- Oversee and track remediation efforts of identified gaps to completion.
- Ensure new, in-scope applications are deployed in a compliant manner.
- Act as subject matter expert for business technology and business partners for security compliance related matters. Provide security compliance consulting services as needed.
- Liaison between Business Technology teams and external assessors.
- Maintain accurate information and support departmental metrics and KRI reporting.
- Communicate monthly program status to business partners.
- Participate in initiatives to enhance and/or evolve Compliance programs.
- Perform review / quality control activities on reports from compliance programs.
- Maintain PCI Information Security Auditor (ISA) certification on annual basis.
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription-threat intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and take appropriate action to report each incident, as required. Analyzes the organization’s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.
- Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.
- Maintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
- Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives, and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.
At a minimum, here’s what we need from you:
- Bachelor’s Degree in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- 4+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- In lieu of a degree, 6+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- 3+ years’ experience in information security or technology audit, preferably in Financial Services.
- Prior experience of security assessments of systems, applications at any level is a plus.
- Knowledge of IS Risk Frameworks and Standards (PCI-DSS, NIST 800-53, ISO 27000 series, NIST Cybersecurity Framework).
- Ability to understand and apply data security requirements, including PCI, to technologies used in Discover.
- Familiarity with most technology infrastructure components (Unix/Linux, Windows, Middleware, Mainframe, Storage, Networking, Firewalls, etc.).
- Familiarity with Data Warehouse technologies and processes (Teradata, Hadoop, Data Services).
- Familiarity with Amazon Web Services (AWS)
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.
So, what are you waiting for? Apply today!