
Senior Manager, Controls Review
Capital One
full-time
Location Type: Hybrid
Location: McLean • Illinois • New York • United States
Salary
💰 $161,500 - $221,200 per year
About the role
- Manage testing of independent controls review of cybersecurity, data management and technology control environments
- Support integration efforts related to the assessment of Discover’s technology and data management controls
- Perform detailed reviews of team’s assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution
- Perform detailed reviews of team’s assessments of first line’s evaluation of mapping to industry requirements or frameworks in cybersecurity
- Provide technical assessments of technology and data management control design and effectiveness by advising on/performing independent testing when necessary
- Provide oversight of staff using scripting languages and/or advanced spreadsheet calculations to analyze the control inventory and perform scoping for control challenges
- Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required
- Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology and data management controls and capabilities
- Participate in management of the overall technology control inventory which defines the scope of the controls review program
- Stay current on emerging cyber threats, technologies, controls, and potential implications for the company
- Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives
- Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
- Communicate in a compelling manner to any audience, including internal and external stakeholders
Requirements
- Bachelor’s degree or military experience
- At least 7 years of experience managing, consulting or auditing information security or information technology
- At least 5 years of experience in implementing and managing controls review assessments or controls testing functions based on established industry risk frameworks, including: the NIST Cybersecurity Framework, COBIT v5, or COSO
- At least 5 years of experience with cybersecurity, technology or data management practices
- At least 3 years of experience in people management or supervisory roles
- Master’s degree in Cybersecurity or Information Technology (Preferred)
- Experience working for internal audit or risk management in financial services or other highly-regulated sectors (Preferred)
- Experience with Python, SQL, and/or advanced Excel functions (Pivot tables, VLOOKUP, etc.) (Preferred)
- Professional security management certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA) (Preferred)
- One or more of the following professional certifications: AWS Solutions Architect - Associate, AWS Solutions Architect - Professional, AWS Certified Security Specialty, AWS Developer - Associate, AWS DevOps Engineer Professional, ISC2 Certified Cloud Security Professional (CCSP), or similar cloud security certifications (Preferred)
- Experience within the Big 4 performing SOC 1 or SOC 2 assessments (Preferred)
Benefits
- Comprehensive, competitive, and inclusive health, financial and other benefits that support your total well-being
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity, data management, controls review, controls testing, NIST Cybersecurity Framework, COBIT v5, COSO, Python, SQL, advanced Excel functions
Soft Skills
communication, collaboration, people management, oversight, advising, technical assessment, stakeholder engagement, problem-solving, leadership, organizational skills
Certifications
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), AWS Solutions Architect - Associate, AWS Solutions Architect - Professional, AWS Certified Security Specialty, AWS Developer - Associate, AWS DevOps Engineer Professional, ISC2 Certified Cloud Security Professional (CCSP)