As Discovery Communications’ portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world-class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been more urgency to obtain the best talent we can for this critical function at Discovery Communications. With constant threats and attacks occurring in companies across the globe and across all industries, the Information Security team at Discovery is a growing group of cyber security professionals who use the latest tools and resources to protect our assets, from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best-in-class tools, resources, monitoring, threat detection, and more.
Can you demonstrate a proven success record in a technical role that emphasizes IT Risk Management, Information Security and Technical Privacy? If so, join our team! We’re seeking an experienced IT Compliance Manager who can be our Information Security Subject Matter Expert within operational risk management. You’ll lead our efforts in supporting our SOX ITGC Program implementation, management, and sustainability, and also be responsible for implementing and managing additional IT Compliance programs such as PCI and Privacy Shield, as well as contributing to IT risk assessments. This critical role will identify current/emerging security risks and ensure they are appropriately assessed and mitigated.
This Manager role works under minimal supervision on complex projects and, for a highly skilled candidate with extensive SME proficiency and experience, has wide latitude for independent judgment and flexibility.
1. Identify, implement and maintain appropriate security and compliance measures.
2. Oversee SOX ITGC Program sustainability by ensuring that existing controls are continuing to be effective, documentation is kept up to date, and evidence is being collected in preparation for self-assessments and external audits.
3. Develop Plans of Action & Milestones (POAM); work in partnership with IT Management to obtain agreement to audit results/management action plans, identify solutions, and obtain acceptable responses for compliance reviews.
4. Conduct meetings with SMEs, Control Testers, Control Owners, and Process Owners for SOX and other compliance programs.
5. Conduct IT Risk Assessments with IT Management and coordinate IT ELC testing.
6. Document and regularly review security policies, processes and procedures.
7. Provide support with third-party IT risk assessments and periodic reviews, including assessing security controls, architecture, adherence to requirements, and conducting gap analysis.
8. Manage and implement processes and tools that enable Discovery Communications to identify, document and track IT risk and compliance exceptions.
* 10+ years of overall IT experience; previous experience in server, network, and/or database administration, cyber threats, personnel leadership, and IT project management is a plus.
* 5+ years of experience in IT Governance, Risk, or Compliance, such as GLBA, PCI-DSS, SOX, EU Data Privacy. Background engaging with both internal and external audit functions.
* Familiarity with Information Security Standards and Frameworks (e.g. COBIT 5, ITIL, ISO 27000, NIST 800-series, PCI-DSS, SSAE18/SOC2).
* 5+ years of experience with SDLC process frameworks, methodologies, tools and practices.
* BA degree in Computer Science, Information Systems/Technology or related field.
* Experience and familiarity with full life cycle information technology solution implementation from conceptualization, requirements, design and specification through development (coding or architecting), integration testing, commissioning, and retirement.
* Excellent written and verbal communication skills.
* Ability to provide detailed documentation of actions as they occur.
* Must demonstrate self-motivation with a strong ability to make sound, independent judgments while working in a multi-tasking, changing environment.
* One or more of the following certification designations (or equivalent) is required: Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).
* Must have the legal right to work in the US.