at Discover in Riverwoods, Illinois, United States
Principal Cybersecurity Analyst (Cybersecurity Risk and Controls Management)
In-Office: Riverwoods, Illinois
About This Role
Discover. A brighter future.
With us, you’ll do meaningful work from Day 1. Ourcollaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together.And we mean it – we want you to grow and make a difference at one of the world’s leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
At Discover, be part of a culture where diversity,teamworkand collaboration reign. Join a company that is just asemployee-focusedas it is on its customersandis consistentlyawardedfor both. We’re all about people , and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As a Principal Cybersecurity Analystand Risk Management professional, you will be part of the 1st line Cybersecurity Risk Center of Expertise Organization focused on improving and managing a portfolio of cybersecurity risks, controls, and processes by incorporating enterprise risk practices, aligning to industry frameworks, and reporting opportunities to Leadership. This role will lead our Cybersecurity organization through many enterprise initiatives including, process management improvements, Risk, Control, and Self-Assessment (RCSA) processes, and an enterprise-wide GRC modernization effort.
The Cybersecurity Risk Center of Expertise’s goal is toprovide transparency on risk and enable stakeholders to make informed risk-based decisions.The teameffectively challenges the status quo across the organization to ensure the appropriate management and reporting of risk.
+ Manage the portfolio of 1st line cybersecurity risk, controls, and processesand main point of contact for Cybersecurity Leadership, Product Owners, and various Governance Teams
+ Operationalize the mapping and reporting of risks, control objectives, and controls against industry frameworks tohighlight opportunities
+ Represent the Cybersecurity Organization in Enterprise-Wide GRC migration and process development initiatives
+ Ability to maintain awareness of emerging cybersecurity threats.
+ This position requires self-motivation and a strong willingness to learn and maintain relationships across all cyber programs and enterprise risk areas.
At a minimum, here’s what we need from you:
+ Bachelors – Information Security,Information Technology,Analytics,BusinessorProject Management
+ 6+ Years – Information Security, Information Technology, Business, Analytics, Project Management or related
+ In lieu of a degree8+ Years – Information Security, Information Technology, Business, Analytics, Project Management or related
+ Internal applicants only: technicalproficiencyrating ofproficienton the Dreyfus cybersecurity scale
If we had our say, we’d also look for:
+ In-depth knowledge of managing cybersecurity risks, control objectives, controls, and processes within a large enterprise
+ Direct experience of operationalizing CISO reporting through a taxonomy of risk and control effectiveness mapped to industry frameworks
+ Strong knowledge using Enterprise GRC tooling (Archer, Service Now, etc.)
+ Previous experience in performing cybersecurity risk assessments, process management, audits, or control testing
+ One or more information security certifications: CISSP, CISM, CRISC, CISA,
+ Understanding of cybersecurity industry standards, benchmarks, methodologies and frameworks (e.g. NIST-CSF, PCI-DSS, CIS Controls, CRI Profile, MITRE ATT&CK, etc).
+ Understanding of information security risk regulatory requirements
External applicants will be requiredto perform a technical interview.
The base pay for this position generally ranges between $100,500.00 to $170,100.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
We also offer a range of benefits and programs based on eligibility. These benefits include:
+ Paid Parental Leave
+ Paid Time Off
+ 401(k) Plan
+ Medical, Dental, Vision, & Health Savings Account
+ STD, Life, LTD and AD&D
+ Recognition Program
+ Education Assistance
+ Commuter Benefits
+ Family Support Programs
+ Employee Stock Purchase Plan
Learn more at MyDiscoverBenefits.com .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights)