We power a network that helps people achieve a brighter financial future.

Expert Vulnerability Analyst ( Third Party Vendor Risk Management )

By clicking Apply Now you agree to share your profile information with the hiring company.
Employer Provided Salary: 103,000-174,200 Annually
Salary data is provided by the employer. Please note this is not a guarantee of compensation.

Discover. A brighter future.
With us, you'll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it - we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description:
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We're all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As a Expert Vulnerability Analyst you will drives DFS Cybersecurity strategic Compliance/Vulnerability management decisions. You have oversight over Compliance/Vulnerability management roadmaps. You will consult on resilient support for next-generation systems to solve business challenges and enhance the control environment for executive decision-making. You are recognized outside of Discover as a thought leader. Actively manages and escalates risk and customer-impacting issues within the day-to-day role to management.
In a lead role, this is an excellent opportunity to practice your third party cybersecurity risk program expertise and simultaneously grow as a leader.

  • Acts as advisor to upper management in Cybersecurity matters. Provides guidance to Cybersecurity architects in the design and development of security solutions
  • Directs security solutions and technical assurance in alignment with business risk and regulatory requirements
  • Works closely with management to define and promote the strategic direction of the team. Develops cyber solutions, internal processes and standards for threat intelligence workflow
  • Articulates defensive security measures, define new security requirements and develop mitigation techniques to maximize protection and preservation of the Brand
  • Advises leadership on the entire range of risk matters facing the department and ensures the mitigation of operational risk. Ensures compliance to audit, regulatory and legal requirements
  • Designs metrics models and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication and non-repudiation. Develops unique cybersecurity performance and risk indicators to maintain constant awareness of status of the highly dynamic operating environment
  • Mentor and provide leadership to the team ensuring assessments products are risk-based, accurate and meet the enterprise governance / service level agreement requirements.
  • Provide expert level guidance and coaching for complex vendor assessments managing the risk appropriately.
  • Demonstrate strong understanding of Third Party Risk Management (TPRM) program and associated governance oversight including Issues management.
  • Continuously partner to enhance the TPRM Subject Matter Expert (SME) program to perform comprehensive security assessments of third-party vendors to identify risks and vulnerabilities.
  • Report the SME program Key Risk Indicator metrics to senior management.
  • Demonstrate ability to analyze ISO 27001, SOC 2, SIG, and familiarity with security frameworks such as NIST 800-53, CSF, financial services related regulatory guidance / laws such as GLBA, FFIEC and international regulations such as GDPR.
  • Collaborate closely with key stakeholders including internal business partners, second line, auditors, risk officers and vendors as the lead subject matter expert.
  • Manage the life cycle of cyber findings / Issues and liaison with stakeholders for permanent remediation.
  • Assist in the review and maintenance of TPRM governance Standard documentation related to the program.
  • Liaison with Business Information Security Office (BISO) team to optimize workload delivery.
  • Actively monitor and escalate risk and customer-impacting issues within the day-to-day role of management.
  • Demonstrate excellent value-added communication and technical writing skills.
  • Advance knowledge / seek training in the field of information security management including the emerging threat actors' techniques, tactics, and procedures (TTP).
  • Be a frequent value-added speaker in forums and achieve team commitments (and influence the team do the same leading by example) by using informal leadership & advanced communication skills.
  • Communicate effectively and promptly every day and lead vendor risk discussions at Discover. Conduct oversight on program impacting decisions. Guide team to achieve key results for the assigned security assessment tasks.

Minimum Qualifications
At a minimum, here's what we need from you:

  • Bachelors - Computer Science, Information Security, Business or Analytics or related
  • 8+ Years - Information Security, Cybersecurity, Computer Science, Data Analytics or related
  • In lieu of a degree, a minimum of 10+ Years of experience in Information Security, Cybersecurity, Computer Science, Data Analytics or related

Internal applicants only: technical proficiency rating of expert on the Dreyfus cybersecurity scale
Preferred Qualifications
If we had our say, we'd also look for:

  • 6+ years in core third party vendor risk management focused on assessment of information security controls, at least 2 years in a leadership role.
  • Principles of enterprise risk management lifecycle.
  • Familiarity with Incident Response, penetration testing principles, Common Vulnerability Scoring System (CVSS), and MITRE
  • GIAC, CISSP or CISM certifications.
  • Knowledge of Business Continuity Planning (BCP) / Resiliency principles.
  • Familiarity with industry cybersecurity frameworks / standards such as NIST 800-53, PCI-DSS and CSA.
  • Notable experience in assessment of technological information security threats and controls and risk tiering based on a risk management framework.
  • Understanding of Agile methodology.

External applicants will be required to perform a technical interview.
What are you waiting for? Apply today!
And by the way, while you're waiting to hear from us, don't forget to check out the great benefits Discover offers.
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
The same way we treat our employees is how we treat all applicants - with respect. Discover Financial Services is an equal opportunity employer ( EEO is the law ). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other characteristic protected by federal, state, or local law in consideration for a career at Discover.
Application Deadline:
The application window for this position is anticipated to close on May-27-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
The base pay for this position generally ranges between $103,000.00 to $174,200.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
We also offer a range of benefits and programs based on eligibility. These benefits include:

  • Paid Parental Leave
  • Paid Time Off
  • 401(k) Plan
  • Medical, Dental, Vision, & Health Savings Account
  • STD, Life, LTD and AD&D
  • Recognition Program
  • Education Assistance
  • Commuter Benefits
  • Family Support Programs
  • Employee Stock Purchase Plan

Learn more at .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights & Pay Transparency Nondiscrimination Provision)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email [email protected] . Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.

See More
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

What are Discover Perks + Benefits

Discover Benefits Overview

Start enjoying great benefits Day 1 — We support you with the same dedication we bring to all of our customers. Our comprehensive benefits package features first-class insurance, financial planning support and excellent perks designed to help you reach your goals and live a rich, healthy life.

Check out more of our amazing employee benefits at

Volunteer in local community
Discover’s business is built on helping people, and we invest in the community (Blessing Backpacks, Boys & Girls Clubs, Big Brothers/Sisters) to demonstrate our commitment to a brighter future.
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Flexible work schedule
Remote work program
Dedicated diversity and inclusion staff
Mandated unconscious bias training
Diversity manifesto
Diversity employee resource groups
Hiring practices that promote diversity
Health Insurance + Wellness
Flexible Spending Account (FSA)
You can open a separate Health Care FSA (HCFSA) and contribute up to $2,650 tax-free from your paycheck to reimburse yourself for eligible out-of-pocket expenses.
Disability insurance
Employees receive Short-Term Disability Insurance at no cost.
Dental insurance
Discover offers two dental plan options — Standard and Premier — both are administered by MetLife.
Vision insurance
Discover offers two vision plan options — Standard and Premier through VSP.
Health insurance
Discover offers a variety of medical plans for you and eligible family members, so that you can choose the benefit plan that suits your needs.
Life insurance
As a Discover employee, you receive Basic Life Insurance of one times your HWEE (up to $500,000) at no cost to you.
Pet insurance
Purchase medical coverage at a discounted rate for your beloved family pet. The more pets you insure, the greater the discount.
Wellness programs
Help balance your work and personal life with a wide variety of free and discounted resource and referral services including family and relationship counseling and financial guidance.
Mental health benefits
Financial & Retirement
You may elect to contribute 1% to 30% of your eligible base salary, commissions and bonus on a pre-tax basis, up to IRS limits every year.
401(K) matching
Discover matches up to 6% of the pre-tax contributions you make to the 401(k) Plan.
Employee stock purchase plan
The ESPP provides eligible employees with an opportunity to purchase shares of Discover common stock through payroll deductions at a 5% discount.
Performance bonus
Charitable contribution matching
Child Care & Parental Leave
Childcare benefits
Generous parental leave
Family medical leave
Adoption Assistance
Discover helps eligible employees and their families with the costs of adoption by reimbursing certain expenses.
Company sponsored family events
Vacation + Time Off
Generous PTO
Discover has a Paid Time Off of 4 to 5 Weeks of paid time per year.
Paid volunteer time
Paid holidays
Discover provides 7 paid holidays.
Paid sick days
Office Perks
Commuter benefits
When you enroll in the Commuter Benefits Program at WageWorks, you’ll save on taxes on mass-transit passes, parking and other eligible expenses.
Company-sponsored outings
Onsite office parking
Recreational clubs
Relocation assistance
Fitness stipend
Onsite gym
Discover has fitness centers and Weight Watchers® programs at all five major locations.
Professional Development
Job training & conferences
Tuition reimbursement
Discover provides tuition reimbursement and a full-ride bachelor's degree program for select online degree programs.
Lunch and learns
Promote from within
Mentorship program
Continuing education stipend
Continuing education available during work hours
Online course subscriptions available
Customized development tracks

More Jobs at Discover

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about DiscoverFind similar jobs like this