Discover. A brighter future.
With us, you’ll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it — we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description:
At Discover, be part of a culture where diversity, teamwork, and collaboration reign. Join a company that is just as employee focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
Excellent opportunity to practice your third party cybersecurity risk assessment expertise and simultaneously grow as a leader. Your primary responsibility is to assess the cybersecurity risks associated with third-party vendors that interact with Discover. Your assessments will ensure that these vendors adhere to our cybersecurity standards, policies, and compliance regulations to protect the customers data and enterprise systems against potential vendor supply chain threats.
Responsibilities
Conduct comprehensive cybersecurity risk assessments of third-party vendors, assessing their security controls, policies, standards, and infrastructure based on the business services they provide. Evaluate vendor compliance with relevant regulatory requirements, industry standards, and contractual obligations. Identify and prioritize potential cybersecurity risks associated with vendor relationships.
Analyze assessment findings to determine the level of risk posed by each vendor. Document detailed risk assessments reports and record GRC Issues for the identified vulnerabilities and recommendations for risk mitigation.
Communicate assessment results effectively to stakeholders, including senior management, procurement teams, and relevant departments.
Partner with the team leads to enhance the Subject Matter Expert (SME) program to perform comprehensive security assessments of third-party vendors.
Independently partner with the vendors, business owners, and Business Information Risk Officers (BISO) to manage the assessments with accuracy.
Demonstrable ability to analyze ISO 27001, SOC 2, Shared Information Gathering (SIG), and familiarity with security frameworks such as NIST 800-53, CSF, financial services related regulatory guidance / laws such as GLBA, FFIEC and international regulations such as GDPR.
Manage the life cycle of cyber findings / Issues and liaison with stakeholders for permanent remediation.
Demonstrate excellent value-added communication and technical writing skills.
Advance knowledge / seek training in the field of information security management including the emerging threat actors’ techniques, tactics, and procedures (TTP).
Be a frequent value-added speaker in forums and achieve team commitments.
Minimum Qualifications
At a minimum, here is what we need from you:
Bachelors – Computer Science, Information Security, Business or Analytics
4 years – Information Security, Cybersecurity, Computer Science, Data Analytics or related
In lieu of a degree 6 Years – Information Security, Cybersecurity, Computer Science, Data Analytics or related
Internal applicants only: technical proficiency rating of competent on the Dreyfus cybersecurity scale
Preferred Qualifications :If we had our say, we would also look for:
Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Third-Party Risk Assessor (CTPRA), or Certified Information Security Manager (CISM) are desirable.
Strong understanding of cybersecurity principles, frameworks, and best practices (e.g., NIST Cybersecurity Framework, ISO 27001, GDPR).
Knowledge of Business Continuity Planning (BCP) / Resiliency principles.
Notable experience in assessment of technological information security threats and controls and vendor risk tiering.
Familiarity with Incident Response, penetration testing principles, Common Vulnerability Scoring System (CVSS), and MITRE.
Understanding of Agile methodology.
What are you waiting for? Apply today!
And while you're waiting to hear from us, don't forget to check out the great benefits Discover offers.
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer ( EEO is the law ). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other characteristic protected by federal, state, or local law in consideration for a career at Discover.
Application Deadline: The application window for this position is anticipated to close on Apr-01-2024. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
Compensation: The base pay for this position generally ranges between $88,500.00 to $149,300.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
Benefits:
We also offer a range of benefits and programs based on eligibility. These benefits include:
Paid Parental Leave
Paid Time Off
401(k) Plan
Medical, Dental, Vision, & Health Savings Account
STD, Life, LTD and AD&D
Recognition Program
Education Assistance
Commuter Benefits
Family Support Programs
Employee Stock Purchase Plan
Learn more at MyDiscoverBenefits.com .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is committed to a diverse and inclusive workplace. Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email HireAccommodation@discover.com . Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.