The job below is no longer available.

in Riverwoods, IL

About this job


The Information Security Program Office (ISPO) is responsible for the overall leadership, coordination and governance of the Information Security Management Program (“Program”) enterprise-wide. The ISPO reports into Corporate Security and partners with Discover’s BT Information Security department to ensure the overall Program framework and strategy are appropriately mitigating risk by having the appropriate controls in place as well as effectively challenging the various business units and support functions.

The ISPO is seeking a creative, energetic, and dedicated individual to assist in the continued evolution and enhancement of the Program enterprise-wide. Specifically, this individual assists with the Program’s measurement and maturity, KRI/KPI development, security metrics and reporting and ensuring the content in the risk and control library is kept current as it relates to information security controls. This individual needs to be an effective communicator, influencer and negotiator who is able to take the initiative in understanding the business as well as the field of Information Security. They will need to challenge and engage various levels enterprise-wide to ensure the Program is effectively managing the risk from the changing and dynamic threat landscape specific to financial services institutions.

Primary responsibilities will include:
• Assist in the development and maintenance of the enterprise-wide information security program framework
• Assess the Program’s health and perform program maturity assessments
• Assist in the development and maintenance of an information security strategy and roadmap as required by management
• Automate manual processes by leveraging a GRC tool
• Perform data correlation and analysis using the enterprise-wide information security framework
• Participate in the development and maintenance of the risk and control library as appropriate
• Assist in the development of metrics, scorecards, dashboards, KPIs, and KRIs designed to report on and measure program effectiveness
• Build constructive and collaborative partnerships/relationships across the organization
• Identify critical areas of potential information security risks and opportunities

Qualifications

• Bachelor’s degree in Business Administration, Risk Management, Information Security, or similar field; OR equivalent practical experience
• A minimum of 2 to 3 years of experience in information security or IT security
• Excellent written and verbal communication skills including expertise in creating and delivering executive presentations
• Practical experience and application of information security technologies, frameworks and controls to address risks to the organization
• Ability to effectively challenge prevailing thoughts and processes
• Ability to create effective security metrics and reporting to allow for decision making by management
• Ability to convey complex information risk and security issues in a manner easily understandable and actionable
• Well organized and detail oriented; Effective and active listener
• Work experience in Financial Services industry
• Knowledge of relevant information security frameworks and standards (e.g., NIST Cybersecurity Framework, ISO 17799/27002 and FFIEC Examiners Handbooks surrounding Information Security)
• Knowledge of relevant financial industry regulations, with an emphasis on information security requirements surrounding GLBA, SOX, FCRA, and FACTA

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.