Principal Cybersecurity Analyst ( Cybersecurity Risk and Control )

Posted 3 Days Ago
Chicago, IL
Hybrid
103K-174K Annually
Senior level
Cloud • Fintech • Machine Learning • Analytics • Financial Services
We power a network that helps people achieve a brighter financial future.
The Role
The Principal Cybersecurity Analyst will conduct comprehensive risk assessments, evaluate security controls, implement mitigation strategies, and manage cybersecurity risks. The role involves collaborating with departments, developing and maintaining documentation, and guiding staff on risk management practices, while staying updated on cybersecurity trends and compliance requirements.
Summary Generated by Built In

Discover. A brighter future.
With us, you'll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it - we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description:
What You'll Do

  • We are seeking a highly skilled and experienced Cybersecurity Risk and Control Self-Assessment Expert to join our team. The ideal candidate will be responsible for conducting comprehensive risk assessments, evaluating the effectiveness of security controls, and implementing strategies to mitigate identified risks. This role requires a deep understanding of cybersecurity principles, risk management frameworks, and control assessment methodologies.
  • Optimizes cybersecurity program processes and output. Contributes to the broader program roadmap. Drives reporting accuracy and demand excellence in department deliverables.
  • Actively manages and escalates risk and customer-impacting issues within the day-to-day role to management.


How You'll Do It

  • Conduct thorough cybersecurity risk assessments to identify potential threats and vulnerabilities within the organization's infrastructure, and application.
  • Develop and implement risk management strategies to mitigate identified risks and ensure the security of information assets.
  • Perform control self-assessments to evaluate the effectiveness of existing security controls and identify areas for improvement.
  • Develop new risks and controls to address the security gaps.
  • Collaborate with various departments to ensure that cybersecurity risks are identified, assessed, and managed in accordance with organizational policies and industry best practices.
  • Develop and maintain risk assessment and control self-assessment documentation, including reports, policies, and procedures.
  • Assess the effectiveness of security controls and create control effectiveness rationale.
  • Provide guidance and training to staff on cybersecurity risk management and control assessment practices.
  • Stay up-to-date with the latest cybersecurity trends, threats, and technologies to ensure the organization's security posture remains robust.
  • Assist in the implementation of cybersecurity policies, standards, and guidelines.
  • Map the organization's cybersecurity standards to the industry frameworks and its applicable controls.
  • Manages and executes cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
  • Maintains an awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI-DSS).
  • Performs in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory and legal requirements.
  • Designs metrics and develops advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation to communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners. Proactively identifies and reports control deficiencies as issues within action plans.
  • Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews
  • Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
  • Utilizes ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
  • Documents risk assessments in Archer enterprise governance, risk and compliance tool for review by external regulators and auditors. Prepares department, committee, and board-level reports and presentation materials.
  • Gathers and challenges data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.


Qualifications You'll Need
The Basics

  • Bachelor's degree in information security, Information Technology, Analytics, Business Administration and Management or Project Management
  • 6+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related
  • In liu of education, 8+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related


Internal applicants only: technical proficiency rating of Proficient on the Dreyfus Cyber engineering scale.
Physical and Cognitive Requirements
The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable a qualified individual with disabilities to perform the essential functions of the position as required by federal, state, and local laws:
Primarily remain in a stationary position.
Primarily performed indoors in an office setting
Ability to operate office equipment such as but not limited to computer, telephone, printer, and calculator.
Ability to communicate verbally.; Ability to communicate in written form.
Travel up to 10% of the time.
Bonus Points If You Have
• Two relevant Cybersecurity certifications such as CISSP, CISM, CRISC, GIAC or equivalent.
• 10 years of experience in Cybersecurity Risk Management.
• In-depth knowledge of risk management frameworks such as NIST CSF, ISO 27001, CRI, and COBIT.
• Strong understanding of cybersecurity principles, threats, and vulnerabilities.
• Experience with security controls and their assessment methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
• Ability to manage multiple projects and priorities in a fast-paced environment.
• Proficiency in using GRC and Process Mapping tools.
• Knowledge of regulatory requirements and industry standards related to cybersecurity.
• Ability to work under pressure and manage multiple priorities.
• Experience in a similar role within a large enterprise or Financial organization.
External applicants will be required to perform a technical interview.
Discover will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States on a full-time basis.
Application Deadline:
The application window for this position is anticipated to close on Nov-20-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
Compensation:
The base pay for this position generally ranges between $103,000.00 to $174,200.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
Benefits:
We also offer a range of benefits and programs based on eligibility. These benefits include:

  • Paid Parental Leave
  • Paid Time Off
  • 401(k) Plan
  • Medical, Dental, Vision, & Health Savings Account
  • STD, Life, LTD and AD&D
  • Recognition Program
  • Education Assistance
  • Commuter Benefits
  • Family Support Programs
  • Employee Stock Purchase Plan


Learn more at mydiscoverbenefits.com .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights & Pay Transparency Nondiscrimination Provision)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email [email protected] . Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.

Top Skills

Cybersecurity

What the Team is Saying

Gina
Mamta
Darcy
Hiba
George
Mandy
Kumar
Brent
The Company
HQ: Riverwoods, IL
18,000 Employees
Hybrid Workplace
Year Founded: 1986

What We Do

Discover is one of the most recognized brands in U.S. financial services. We’re a direct banking and payment services company built on a legacy of innovation and customer service. We support, challenge and inspire employees to continually develop their skills, advance their career and help grow our business.

Why Work With Us

You can make an impact. Whether it’s developing corporate strategy, innovating new services or supporting IT needs, every employee has the opportunity to be a vital part of our business and make a real difference in people’s lives. It’s the heart of what we do.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Discover Teams

Team
Bring Ingenuity, Shine Bright
About our Teams

Discover Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQRiverwoods, IL
Houston, TX
New Albany, OH
Phoenix, AZ
Salt Lake City, UT
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account