It's fun to work in a company where people truly BELIEVE in what
The Advisor, Information Security is responsible for consulting
as part of Card Services Information Security regarding security
related aspects of business initiatives, projects, applications,
databases, and other system environments across the various lines
of business. This person is expected to champion processes and
technology as a subject matter expert in various areas. This
position works closely with teams across the organization to help
provide superior protection to Card Services information
Essential Job Functions
Cyber and GCC Risk Assessment and Advisement - Provide cyber and
general computing control risk assessment and advisory services to
business and IT constituents related to new development efforts,
significant changes to IT systems and infrastructure, and IT
vulnerability management. Produce risk assessment and advisory
reporting to ensure risks are adequately recorded and tracked to
resolution, acceptance, or transference. Monitor the cyber
landscape for emerging threats and their potential impact (risk) to
the organization using threat modeling analysis tools and
resources. Utilizes planning and organization tools to develop
project/action plans. Meets deliverable deadlines as directed.
Cyber Security Tooling and Processes - Possess intermediate
knowledge of company Cyber Security Tools and affiliated
operational processes. Utilize knowledge when advising to determine
residual risk of identified threats or control weaknesses. Champion
the use Cyber Security Tooling through education and awareness of
Regulatory Requirements and Control Frameworks - Foundational
knowledge of regulatory bodies and corresponding compliance
requirements including, but not limited to: PCI-DSS, SOX, GLBA,
CCPA, GDPR. Intermediate knowledge of control frameworks including,
but not limited to: FFIEC Examination Handbooks, NIST 800-53, ISO
27001. Foundational knowledge of Cyber Security Maturity Frameworks
such as NIST-CSF and FFIEC Cyber Assessment Tool.
General Information Technology- Intermediate to advanced
knowledge of IT tools and practices including, but not limited to:
Networking, LDAP Directories, Vulnerability/Patch Management,
Change Management, Incident Management, Server and Desktop
Management, Mainframe Technologies, Encryption and Key Management,
Cloud Architecture and Computing, Software Application General
Computing Controls, Business Continuity/Disaster Recovery, Software
Development Lifecycle, Access Management, and Cyber Security
Metrics and Presentation Skills - Ability to produce meaningful
and actionable metrics through data analysis. Conduct data analysis
exercises using Excel Pivot Tables, Microsoft Access Queries, and
other data driven analysis tools. Produces presentations at various
levels of abstraction dependent on intended audience using
Microsoft Power Point, Microsoft Visio, or equivalent tools.
Intermediate to expert English writing skills expected.
Human Relations - Ability to diffuse problematic situations and
manage through conflict resolution. Utilizes soft skills such as:
Selective Agreement, Reflective Listening, Voice Inflection, and
Empathy. Ability to take complex concepts and break down into
laymen's terms or analogies that help with other's understanding.
Viewed as an enabling partner that provides options or information
when saying no to business or IT requests. Seen by leadership and
peers as creditable, trustworthy and respectful. Utilizes subject
matter expertise to guide and coach less experienced team
Reports to: Manager, Information Security
Working Conditions/ Physical Requirements: General office
Direct Reports: None
- High school diploma or equivalent education
- Four or more years in Information Security, IT Audit, Risk
- One or more field related professional technical certifications
(CISSP, CISA, CISM, Security+)
- Bachelors Degree or equivalent experience in Computer Science,
Networking or Information Technology
- Certifications: One or more field related professional
technical certifications (CISSP, CISA, CISM, Security+)
Certified Information Security Manager (CISM) - Issuer,
Certified Information Systems Auditor (CISA) - The Information
Systems Audit and Control Association, Inc., Certified Information
Systems Security Professional (CISSP) - International Information
System Security Certification Consortium
Four or more years
Application Security, Database Fundamentals, Information
Security, Information Technology (IT) Risk Management, Information
Technology Auditing, NIST 800-53, NIST Cybersecurity Framework,
Penetration Testing, Sarbanes-Oxley Act (SOX)
About Alliance Data Card Services
Alliance Data Card Services provides market-leading private
label, co-brand, general purpose and commercial credit card
programs, digital payments and Comenity-branded financial services.
Using the industry's most comprehensive and predictive data set,
advanced analytics, and broad-reaching capabilities, Alliance Data
Card Services has been helping partners increase sales and provide
greater value to their customers for more than 30 years. Follow
Alliance Data Card Services on Twitter, Facebook, LinkedIn and
A division of Alliance Data, Bread is a leading digital payments
company that works with merchants and partners to personalize
payment options for their customers. Through its full-funnel
recommendation engine, Bread empowers merchants to sell more,
improve conversion and lift average-order-value. Follow Bread on
Twitter, Facebook and LinkedIn.
Alliance Data Card Services and Bread are a proud part of the
Alliance Data enterprise, a FORTUNE 500 and S&P MidCap 400
company headquartered in Columbus, Ohio with more than 8,000
Alliance Data offers a competitive salary, a comprehensive
selection of benefit options including 401(k).
All job offers are contingent upon successful completion of
credit and background checks.
Alliance Data is an Equal Opportunity Employer.
Alliance Data will provide accommodations to applicants needing
accommodations to complete the application process.
Any applicant offered employment will be required to establish
that they are legally authorized to work in the United States for
Alliance Data participates in E-Verify.
Alliance Data will consider for employment qualified applicants
with criminal and credit histories in a manner consistent with the
requirements of all applicable laws, including the City of Los
Angeles' Fair Chance Initiative for Hiring Ordinance.
- Alliance Data complies with the Americans with Disabilities Act
(ADA), as amended, and all applicable state/local laws. Applicants
with disabilities may contact Alliance Data to request an arrange
for accommodations. If you need assistance to accommodate a
disability, you may request an accommodation at any time. Please
contact the Recruiting Team at TaOps@alliancedata.com.