Discover. A brighter future.
With us, you’ll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it — we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both.
We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
Discover will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States on a full-time basis.
As a Expert Vulnerability Analyst you will drives DFS Cybersecurity strategic Compliance/Vulnerability management decisions. You have oversight over Compliance/Vulnerability management roadmaps. You will consult on resilient support for next-generation systems to solve business challenges and enhance the control environment for executive decision-making. You are recognized outside of Discover as a thought leader. Actively manages and escalates risk and customer-impacting issues within the day-to-day role to management.
In a lead role, this is an excellent opportunity to practice your third party cybersecurity risk program expertise and simultaneously grow as a leader.
Responsibilities
- Acts as advisor to upper management in Cybersecurity matters. Provides guidance to Cybersecurity architects in the design and development of security solutions
- Directs security solutions and technical assurance in alignment with business risk and regulatory requirements
- Works closely with management to define and promote the strategic direction of the team. Develops cyber solutions, internal processes and standards for threat intelligence workflow
- Articulates defensive security measures, define new security requirements and develop mitigation techniques to maximize protection and preservation of the Brand
- Advises leadership on the entire range of risk matters facing the department and ensures the mitigation of operational risk. Ensures compliance to audit, regulatory and legal requirements
- Designs metrics models and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication and non-repudiation. Develops unique cybersecurity performance and risk indicators to maintain constant awareness of status of the highly dynamic operating environment
- Mentor and provide leadership to the team ensuring assessments products are risk-based, accurate and meet the enterprise governance / service level agreement requirements.
- Provide expert level guidance and coaching for complex vendor assessments managing the risk appropriately.
- Demonstrate strong understanding of Third Party Risk Management (TPRM) program and associated governance oversight including Issues management.
- Continuously partner to enhance the TPRM Subject Matter Expert (SME) program to perform comprehensive security assessments of third-party vendors to identify risks and vulnerabilities.
- Report the SME program Key Risk Indicator metrics to senior management.
- Demonstrate ability to analyze ISO 27001, SOC 2, SIG, and familiarity with security frameworks such as NIST 800-53, CSF, financial services related regulatory guidance / laws such as GLBA, FFIEC and international regulations such as GDPR.
- Collaborate closely with key stakeholders including internal business partners, second line, auditors, risk officers and vendors as the lead subject matter expert.
- Manage the life cycle of cyber findings / Issues and liaison with stakeholders for permanent remediation.
- Assist in the review and maintenance of TPRM governance Standard documentation related to the program.
- Liaison with Business Information Security Office (BISO) team to optimize workload delivery.
- Actively monitor and escalate risk and customer-impacting issues within the day-to-day role of management.
- Demonstrate excellent value-added communication and technical writing skills.
- Advance knowledge / seek training in the field of information security management including the emerging threat actors’ techniques, tactics, and procedures (TTP).
- Be a frequent value-added speaker in forums and achieve team commitments (and influence the team do the same leading by example) by using informal leadership & advanced communication skills.
- Communicate effectively and promptly every day and lead vendor risk discussions at Discover. Conduct oversight on program impacting decisions. Guide team to achieve key results for the assigned security assessment tasks.
Minimum Qualifications
At a minimum, here’s what we need from you:
- Bachelors – Computer Science, Information Security, Business or Analytics or related
- 8+ Years – Information Security, Cybersecurity, Computer Science, Data Analytics or related
- In lieu of a degree, a minimum of 10+ Years of experience in Information Security, Cybersecurity, Computer Science, Data Analytics or related
Internal applicants only: technical proficiency rating of expert on the Dreyfus cybersecurity scale
Preferred Qualifications
If we had our say, we’d also look for:
- 6+ years in core third party vendor risk management focused on assessment of information security controls, at least 2 years in a leadership role.
- Principles of enterprise risk management lifecycle.
- Familiarity with Incident Response, penetration testing principles, Common Vulnerability Scoring System (CVSS), and MITRE
- GIAC, CISSP or CISM certifications.
- Knowledge of Business Continuity Planning (BCP) / Resiliency principles.
- Familiarity with industry cybersecurity frameworks / standards such as NIST 800-53, PCI-DSS and CSA.
- Notable experience in assessment of technological information security threats and controls and risk tiering based on a risk management framework.
- Understanding of Agile methodology.
External applicants will be required to perform a technical interview.
What are you waiting for? Apply today!
And by the way, while you're waiting to hear from us, don't forget to check out the great benefits Discover offers.
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other characteristic protected by federal, state, or local law in consideration for a career at Discover.
Application Deadline
The application window for this position is anticipated to close on Aug-26-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
Compensation
The base pay for this position generally ranges between $103,000.00 to $174,200.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
Benefits
We also offer a range of benefits and programs based on eligibility. These benefits include:
- Paid Parental Leave
- Paid Time Off
- 401(k) Plan
- Medical, Dental, Vision, & Health Savings Account
- STD, Life, LTD and AD&D
- Recognition Program
- Education Assistance
- Commuter Benefits
- Family Support Programs
- Employee Stock Purchase Plan
Learn more at mydiscoverbenefits.com.
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights & Pay Transparency Nondiscrimination Provision)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email HireAccommodation@discover.com. Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.