Advisor, IT Risk

Alliance Data Columbus , OH 43216

Posted 6 months ago

Cybersecurity Risk Advisor

Alliance Data Card Services' Enterprise Risk Organization is focused on cultivating a stronger, unified culture that embraces a sense of personal accountability for developing the highest standards in governance and controls across the company.

The Cybersecurity Risk Advisor will be a part of the Risk Management team reporting to the IT Risk Officer leader. This role will be responsible to provide consulting and guidance through formal risk reviews for IT related risk. The position will require someone with strong Information Technology, Information Risk (IT Security) and relationships skills. This role is integral to reducing risk within Alliance Data Card services and to achieving and maintaining our regulatory compliance.

Essential Job Functions

Risk consulting and guidance

  • Provide priority and recommendations for outstanding issues based on understanding of the Enterprise IT architecture and environment to enable teams to meet business demands while reducing risk.

  • Partner with IT leadership to ensure self-assessments are effective, with special attention to cybersecurity risks.

  • Leverage thorough understanding of Risk Management to ensure the IT Risk program strategy aligns with the broader enterprise risk strategy.

  • Provide pertinent routine guidance to Alliance Data Card Services IT Leadership regarding risk management awareness activities.

  • Partners with IT leadership, in particular Information Security / Cybersecurity to ensure IT risk management is a key tenant of strategy and develops a risk roadmap in alignment with risk appetite.

Delivery

  • Provide risk opinions to Infosecurity / Cybersecurity leadership as an independent second line to ensure that priorities are aligned to those of greatest impact.

  • Partner with business stakeholders and build relationships as a trusted advisor.

  • Build an IT risk roadmap in partnership with IT leadership and measure progress.

  • Provide responses to regulatory inquiries and ensure that IT leverages second line opinions to allow for additional diligence.

  • Consult on vulnerability and issues management to assure risks are well defined and controls are effective to manage risks.

IT Security Advisement Program Effectiveness

  • Collaborate with IT Leadership to identify and provide regular recommendations based on the changing threat landscape, regulatory environment, and technology trends.

  • Partners with analytics team to develop relevant metrics to determine the impact of advisement.

  • Collaborates with broader risk team to ensure IT leadership and associates obtain the necessary training and guidance to continually improve upon how they manage risk.

  • Conduct on-going reviews by department and/or function to ensure ongoing audit readiness.

  • Consult on cyber related issues and provide oversight to key IT releases.

Preferred Education/Certifications

Bachelor's degree in Risk Management, Computer Science, Engineering, MIS or equivalent experience required.

CISA and CISSP preferred; NIST familiarity

Preferred Work Experience
7 years of experience including:

  • IT roles such as developer, architect, engineer, or similar function required

  • Compliance, IT security, risk management, or GRC- based role preferred

  • Quality and/or formal risk assessments (e.g. TQAs. FAIR, etc.) preferred

Knowledge, Skills and Abilities

  • IT technical acumen and knowledge of an Enterprise internal and external Cloud.

  • Understanding of key IT domains such as network, identity and access management, application security, SDLC and change management processes.

  • Understanding of the NIST cybersecurity framework.

  • Expertise in working within an enterprise risk function including (but not limited to) RCSA, QA, GRC, internal audit, or a similar function.

  • Strong technical and functional knowledge of enterprise risk including (but not limited to) an understanding of RCSA and risk frameworks.

  • Excellent oral and written communications; able to communicate, present and influence all levels of management and associates at all levels throughout the Company.

  • Project management skills involving concept development through implementation and measurement stages.

  • Excellent written skills that can describe technical controls effectively to use in inquiry response.

Working Conditions/ Physical Requirements

Normal office environment, some travel may be required.

Direct Reports

No

Preferred Supervisory Experience

N/A

#indprof #cb

Alliance Data card services business

Alliance Data's card services business develops market-leading private label, co-brand, and business credit card programs for many of the world's most recognizable brands. Through our branded credit programs, we help build more profitable relationships between our partners and their cardmembers, and drive lasting loyalty. We uphold our Know more. Sell more. promise by leveraging unmatched customer insights, advanced analytics, and broad-reaching innovative capabilities. It's how we deliver increased sales to our partners, build enduring loyalty to their brands, and provide more value to our cardmembers.

  • Alliance Data offers a competitive salary, a comprehensive selection of benefit options including 401(k).

  • All job offers are contingent upon successful completion of credit and background checks.

  • Alliance Data is an Equal Opportunity Employer.

  • Alliance Data will provide accommodations to applicants needing accommodations to complete the application process.

  • Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for Alliance Data.

  • Alliance Data participates in E-Verify.

  • Alliance Data will consider for employment qualified applicants with criminal and credit histories in a manner consistent with the requirements of all applicable laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.

To learn more, visit www.KnowMoreSellMore.com/careers

.

...


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Risk And Compliance Program Manager

Pwc

Posted 4 days ago

VIEW JOBS 10/12/2019 12:00:00 AM 2020-01-10T00:00 A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets. To really stand out and make us ?t for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. As a Senior Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: - Take action to ensure everyone has a voice, inviting opinion from all. - Establish the root causes of issues and tackle them, rather than just the symptoms. - Initiate open and honest coaching conversations at all levels. - Move easily between big picture thinking and managing relevant detail. - Anticipate stakeholder needs, and develop and discuss potential solutions, even before the stakeholder realises they are required. - Develop specialised expertise in one or more areas. - Advise stakeholders on relevant technical issues for their business area. - Navigate the complexities of global teams and engagements. - Build trust with teams and stakeholders through open and honest conversation. - Uphold the firm's code of ethics and business conduct. Job Requirements and Preferences: Basic Qualifications: Minimum Degree Required: High School Diploma Minimum Years of Experience: 6 year(s) with a preference for 8 years of relative experience. Preferred Qualifications: Degree Preferred: Bachelor Degree Preferred Knowledge/Skills: Demonstrates intimate knowledge and/or a proven record of success in the following areas: * Leveraging information security metrics and reporting principles as they are applied in the support of and integration with key business and strategic priorities; * Contributing new intellectual capital through deep knowledge and direct professional experience in a subject matter area or technical domain within this function; - Translating overall strategy by leading and managing others and performing work with significant independence; * Influencing others both internally and externally through building and leading a large team or complex project, or multiple teams or projects, within the metrics and reporting space; * Building and maintaining complex programs while supervising teams to execute against overall strategy; * Building and maintaining relationships across the network of firms to effectively deliver metrics and reporting activities on the local and the network level; and, * Translating operational and managerial metrics into risk reduction. Demonstrates intimate abilities and/or a proven record of success in the following areas: * Managing multiple relationships and stakeholders throughout major transformation; * Balancing business stakeholders and a central technology service organization; * Navigating a matrix organization; * Collaborating with multiple stakeholders across functional and technical skillsets; * Defining what to measure at an operational level; * Designing, maintaining, and refining the key risk indicators to illustrate the program's progress; * Measuring the effectiveness of projects and services; * Engaging stakeholders across multiple functions within NIS to capture and analyse relevant metrics; * Consolidating and managing of metrics databases; * Engaging member firm technology groups to deliver onboarding of local users into NIS current processes; * Engaging member firms to deliver customized, local dashboards; and, * Creating and maintaining databases that track a wide variety of data. All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer. For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance. Pwc Columbus OH

Advisor, IT Risk

Alliance Data