Senior Cybersecurity Analyst
Job Description
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As part of the Cybersecurity Assurance & Compliance Organization, you will assist in managing and executing the remediation of Cyber Issues (Risk) to bring applications, systems into Compliance with Security Standards. This position will work with security assessors to develop remediation plans, collect relevant artifacts that demonstrate compliance and work with application teams to remediate issues. This individual will work closely with all areas of the business and technology including, infrastructure, engineering, architecture, operations and application teams. This role must be able to understand security standards and interpret their applicability to technologies and systems at Discover.
Responsibilities
- The candidate must have strong risk management skills, be able to develop and track to a remediation plan.
- The candidate needs to be able to recognize obstacles that may derail progress and take the necessary steps to eliminate those obstacles and/or escalate appropriately.
- The candidate must be able to identify what information must be gathered to validate remediation assurance.
- This role will work with application, infrastructure and governance teams to develop remediation assurance plans and remediate compliance gaps.
- The candidate must have a knowledge of various regulatory audit control requirements (COBIT, COSO, PCI, ISO, FFIEC, & GLBA).
- Provide security expertise as requested and clearly communicate status and concerns to all levels of management.
- Maintain accurate information in the teams tracking tool, and support departmental metrics and KPI/KRI reporting.
- Leverage security expertise to contribute to program enhancement and continuous improvement efforts, and other team activities.
- Identify areas that can be automated and streamlined and develop new processes to make processes more efficient.
- Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription threat-intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and takes appropriate action to report each incident, as required. Analyzes the organization’s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.
- Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.
- Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.
- Maintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes that are consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
Minimum Qualifications
At a minimum, here’s what we need from you:
- 2+ years of experience in Information Security, Computer Science, Data Analytics, or related field
Preferred Qualifications
If we had our say, we’d also look for:
- Bachelor’s Degree in Information Security , Computer Science, Business Administration, Data Analytics, or related field
- 3+ years’ experience in information security or technology audit, preferably in Financial Services.
- Ability to manage own workload with low supervision.
- Ability to manage multiple tasks simultaneously without compromising on quality.
- Familiarity with most technology infrastructure components (Unix/Linux, Windows, Middleware, Storage, Networking, Firewalls, etc.).
- Have excellent communication skills and be able to articulate complicated situations in a precise and concise manner.
- Project management skills with the ability to recognize obstacles that may derail progress and take the necessary steps to eliminate those obstacles and/or escalate appropriately.
- Helpful for candidates to have working knowledge and familiarity with; IT Security risk assessment; IT/IS policy development.
- PMP, CEH, GIAC, or related certifications
#LI-LJ1
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.