Cybersecurity Risk Advisor
Alliance Data Card Services' Enterprise Risk Organization is focused on cultivating a stronger, unified culture that embraces a sense of personal accountability for developing the highest standards in governance and controls across the company.
The Cybersecurity Risk Advisor will be a part of the Risk Management team reporting to the IT Risk Officer leader. This role will be responsible to provide consulting and guidance through formal risk reviews for IT related risk. The position will require someone with strong Information Technology, Information Risk (IT Security) and relationships skills. This role is integral to reducing risk within Alliance Data Card services and to achieving and maintaining our regulatory compliance.
Essential Job Functions
Risk consulting and guidance
Provide priority and recommendations for outstanding issues based on understanding of the Enterprise IT architecture and environment to enable teams to meet business demands while reducing risk.
Partner with IT leadership to ensure self-assessments are effective, with special attention to cybersecurity risks.
Leverage thorough understanding of Risk Management to ensure the IT Risk program strategy aligns with the broader enterprise risk strategy.
Provide pertinent routine guidance to Alliance Data Card Services IT Leadership regarding risk management awareness activities.
Partners with IT leadership, in particular Information Security / Cybersecurity to ensure IT risk management is a key tenant of strategy and develops a risk roadmap in alignment with risk appetite.
Provide risk opinions to Infosecurity / Cybersecurity leadership as an independent second line to ensure that priorities are aligned to those of greatest impact.
Partner with business stakeholders and build relationships as a trusted advisor.
Build an IT risk roadmap in partnership with IT leadership and measure progress.
Provide responses to regulatory inquiries and ensure that IT leverages second line opinions to allow for additional diligence.
Consult on vulnerability and issues management to assure risks are well defined and controls are effective to manage risks.
IT Security Advisement Program Effectiveness
Collaborate with IT Leadership to identify and provide regular recommendations based on the changing threat landscape, regulatory environment, and technology trends.
Partners with analytics team to develop relevant metrics to determine the impact of advisement.
Collaborates with broader risk team to ensure IT leadership and associates obtain the necessary training and guidance to continually improve upon how they manage risk.
Conduct on-going reviews by department and/or function to ensure ongoing audit readiness.
Consult on cyber related issues and provide oversight to key IT releases.
Bachelor's degree in Risk Management, Computer Science, Engineering, MIS or equivalent experience required.
CISA and CISSP preferred; NIST familiarity
Preferred Work Experience
7 years of experience including:
IT roles such as developer, architect, engineer, or similar function required
Compliance, IT security, risk management, or GRC- based role preferred
Quality and/or formal risk assessments (e.g. TQAs. FAIR, etc.) preferred
Knowledge, Skills and Abilities
IT technical acumen and knowledge of an Enterprise internal and external Cloud.
Understanding of key IT domains such as network, identity and access management, application security, SDLC and change management processes.
Understanding of the NIST cybersecurity framework.
Expertise in working within an enterprise risk function including (but not limited to) RCSA, QA, GRC, internal audit, or a similar function.
Strong technical and functional knowledge of enterprise risk including (but not limited to) an understanding of RCSA and risk frameworks.
Excellent oral and written communications; able to communicate, present and influence all levels of management and associates at all levels throughout the Company.
Project management skills involving concept development through implementation and measurement stages.
Excellent written skills that can describe technical controls effectively to use in inquiry response.
Working Conditions/ Physical Requirements
Normal office environment, some travel may be required.
Preferred Supervisory Experience
Alliance Data card services business
Alliance Data's card services business develops market-leading private label, co-brand, and business credit card programs for many of the world's most recognizable brands. Through our branded credit programs, we help build more profitable relationships between our partners and their cardmembers, and drive lasting loyalty. We uphold our Know more. Sell more. promise by leveraging unmatched customer insights, advanced analytics, and broad-reaching innovative capabilities. It's how we deliver increased sales to our partners, build enduring loyalty to their brands, and provide more value to our cardmembers.
Alliance Data offers a competitive salary, a comprehensive selection of benefit options including 401(k).
All job offers are contingent upon successful completion of credit and background checks.
Alliance Data is an Equal Opportunity Employer.
Alliance Data will provide accommodations to applicants needing accommodations to complete the application process.
Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for Alliance Data.
Alliance Data participates in E-Verify.
Alliance Data will consider for employment qualified applicants with criminal and credit histories in a manner consistent with the requirements of all applicable laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.
To learn more, visit www.KnowMoreSellMore.com/careers