Senior Principal Cybersecurity Architect
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
Job Description
We are looking for progressive minded, innovative Senior Principal Cybersecurity Architect, who can whiteboard a solution, as well as successfully deliver capabilities/solutions. The Senior Principal - Security Architect will be part of the Cybersecurity Architecture Team focused on helping design and mature, innovative and cutting edge secure architecture capabilities. As a Senior Principal-Security Architect you will provide technical leadership for cloud security domain and is expected to solve complex security problems. You will be integral in ensuring security is integrated into cloud services, aligning business strategy with technology and doing so in a manner which ensures security is built-in. You will participate in the decision-making processes related to cloud architectures solutions, have an opportunity to influence implementation of sound architectural best practices. S/he will be responsible for identifying business use cases for new technical capabilities, conducting hands-on evaluations and developing value proposition for new third party products and services. You will lead initiatives designed to share knowledge across teams. S/he will act as the ambassador and technical representative for Cybersecurity in the cloud, while engaging with other senior technical leaders throughout organization in design and implementation of cloud and hybrid-cloud based implementations and solutions.
This individual will be expected to work closely with cybersecurity product managers, cloud security engineering teams, users of Cybersecurity technologies, enterprise architects, developers and operators as well as business users to champion and help deliver and mature security posture. The ideal candidate will have business acumen, a sound understanding of the cybersecurity with the ability to think, operate and balance priorities in extreme dimensions—strategic and tactical, long-term and near-term. This individual will also be a strong proponent and practitioner of infrastructure as code practices.
This is an excellent opportunity for someone who is a self-starter, loves to solve problems, loves to enable secure business practices and take pride in maturing security capabilities, reduce risk and get recognized and rewarded for hard work.
Responsible for creating the architecture and engineering strategy to protect the Corporate Brand. Designs the Cybersecurity road map to contain potential breaches and deliver highly-complex secure systems, cyber applications, technical projects and regulatory and risk requirements. Establish the direction for major architecture programs. Drives Cybersecurity framework, road map, program optimization, process engineering, risk remediation, and mitigation of operational risk in a high velocity culture by introducing technology, requirements, deliverables, gaps and systems design. Supports and supplements Sr Manager non-personnel functions. Analyzes competitive strategies, cyber technologies, metrics models, and performance indicators. Contributes to robust and innovative strategic solutions and build resilient support for next-generation systems to solve business challenges and enhance the control environment and executive decision-making.
Responsibilities:
- Designs metrics models and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication and non-repudiation. Develops unique cybersecurity performance and risk indicators to maintain constant awareness of the status of the highly dynamic operating environment. Develops assessment plans and measures of risk performance for effective dashboard reporting. Conducts strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
- Acts as the principal advisor to upper management in Cybersecurity matters. Provides requirements to Cybersecurity architects and engineers in the design and development of security solutions consistent with business goals and risk tolerance. Works closely with architects, engineers, and key stakeholders to ensure security requirements are effectively met through all phases of system lifecycles. Determines whether systems perform as expected, provides input to the determination of operational effectiveness, and takes action to remediate issues and resolve gaps. Directs security solutions and technical assurance in alignment with business risk and regulatory requirements. Performs Sr. Manager, non-personnel responsibilities as needed.
- Works closely with management to define, promote, and present the strategic direction of the department. Provides strong leadership and direction to team members. Provides subject matter expertise across all Cybersecurity technologies. Articulates defensive security measures, defines new security requirements, and develops mitigation techniques to maximize protection and preservation of the corporate brand.
- Oversees Cybersecurity projects and initiatives to ensure complete and timely delivery of key objectives.
- Identifies, evaluates, and remediates potential vulnerabilities, and develops cyber solutions, internal processes, and standards for threat intelligence workflow. Contains potential breaches, conducts digital forensics, and submits an independent, classified incident review to senior leadership. Advises leadership on an entire range of risk matters facing the department and ensures the mitigation of operational risk. Resolves conflicts in laws, regulations, policies, standards, or procedures. Resolves and remediates security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers, internal business partners, and external vendors. Provides oversight for team direction, tactical responsibilities, and effective controls
Minimum Qualifications
At a minimum, here’s what we need from you:
- Bachelor's Degree in Information Security, Engineering, Computer Science, Business Administration, Data Analytics, or related field
- 10+ years of experience in Information Security, Engineering, Computer Science, Business Administration, Data Analytics, or related field
- In lieu of a degree, 10+ years of experience in Information Security, Engineering, Computer Science, Business Administration, Data Analytics, or related field.
Preferred qualifications:
If we had our say, we’d also look for:
- Strong problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
- Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations.
- Ability to manage multiple projects in a fast-paced environment.
- Have experience working in DevOps environment, ability to script/code if necessary in Python or similar languages
- Have experience of building road maps, reference architectures, patterns, threat models, project planning/reporting and management concepts, methodologies, tools, standards and procedures
- Have hands-on technical experience in designing, building and securing AWS and GCP services
- Experience with assessment, implementation, optimization, and documentation of broad set of security technologies and processes such as data protection, cryptography, key management, identity and access management, systems security, network security) within IaaS, PaaS and SaaS environments
- Knowledge of securing Kubernetes, Docker Containers, Server less environments is a plus
- Knowledge of application security and secure software development practices in DevOps, CI/CD environment is a plus
- Knowledge in banking or payment services is a plus
- Knowledge payment compliance and standards (PCI DSS, FFIEC, NIST Security Standards and Frameworks) is a plus
#LI-LJ1
What are you waiting for? Apply today!
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover.