As Discovery Communications’ portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
From Amsterdam to Singapore and from satellite and broadcast operations to SAP, we are driving Discovery forward on the leading edge of technology.
The Sr. Director of Data Security will be the primary lead to effectively build and run our Data Security Program in partnership with Information Security teams, establishing the procedures and staff in order to support this business objective. This role will manage a team of Data Security Analysts/Engineers in support of 24x7x365 InfoSec organization. Responsible for developing data security controls, implementing and overseeing data privacy, data protection, and data retention in accordance with Discovery’s Legal and Regulatory requirements and standards, to include, but no limited to PCI, GDPR, CCPA. The duties include ensuring Discovery complies with the European Union s GDPR and other applicable data privacy laws and regulations, both current and future. The Sr. Director of Data Security will ensure Discovery uses data retention and protection policies and controls as a business enabler and manages reputational risk that can arise from data protection mishaps or compliance failures.
This position requires the ability to understand and address complex compliance and technical data security issues, equate the resolution of issues to Discovery plans and objectives, and plan and manage remediation or implementation projects. This role will apply global IT industry best practices, enabling Discovery to instill the business with new insights regarding global data, business risk, compliance, and information security.
1. Provide strategic data security privacy advice to key internal business partners and work to understand their business processes, applications, projects and technologies to ensure compliance with privacy laws and embed privacy and data security requirements and controls into projects, products and services;
2. Interact with Senior Leadership, operational and business team members on various data security matters, providing overview, insight, guidance and requirements;
3. Oversee and draft privacy and data security policies, notices, standards, controls and other practices and processes cross-functionally and as a part of global operations;
4. Help to lead and support the Cyber Security Incident Response Team in the review and coordination of potential privacy or data security incidents, including investigations, notifications, and other resolution efforts;
5. Develop, review and deliver (or arrange for the development and delivery of) data security privacy training materials as appropriate and support efforts to raise awareness about the company’s privacy and data security program, data handling practices, procedures and legal obligations;
6. Lead, manage, and guide data security risk assessments; develop risk mitigation plans and make recommendations on the appropriate financial investment to accomplish the policies and implement the procedures;
7. Must be proactive,
8. Maintain strong coordination, cooperation and mutual support between the Legal Department and other corporate departments with compliance obligations, e.g., Internal Audit Department, InfoSec Department, GT&O, U.S. Digital and DNI, Corporate Comm, Marketing, Human Resources, Privacy Champions, the Finance organization to ensure that roles and responsibilities are effectively fulfilled in Discovery’s global privacy and data security governance program and legal and ethical compliance program;
9. Act as Discovery’s global leader on data security, data regulations, issues relating to data privacy compliance, and cooperate with relevant Data Protection Authorities (DPAs).
10. Advise and assist in the resolution of any GDPR-related vendor or customer contract issues
11. Guides development and operation of Discovery’s Privacy and/or Data Security Framework
12. Liaise with senior management and stakeholders to ensure the delivery of the Global Data Protection Program.
13. Monitor the status and effectiveness of Discovery’s privacy controls and coordinate data privacy audits across Digital, Broadcast and Technology environments
14. Oversee periodic data security risk assessments and audits to ensure that information systems are adequately protected to meet all appropriate requirements.
15. Contribute to risk evaluation when a data breach occurs to ensure Discovery responds in a timely manner that is consistent with statutory, regulatory, and contractual obligations.
16. Support and contribute to Discovery’s ongoing security and training awareness program to promote a data protection culture throughout Discovery.
17. Define and perform risk assessment processes intended to evaluate the risk to data security;
18. Oversee, monitor and assess the effectiveness of Data Security compliance activity and facilitate auditing; and
19. Respond to data security investigations or queries as appropriate and/or required.
* BS degree in Computer Science, IT Management, Cybersecurity, or relevant field/technology or equivalent years of experience
* 10 to 15+ years of work experience as manager of Information Security
* 5 to 7+ years of progressive experience with increasing responsibilities within a Cybersecurity Operations environments
* Experience in leading, motivating, engaging and mentoring junior team members
* Minimum of 5 years of experience with Global Privacy Laws, best practices/ industry standards and solid knowledge of GDPR
* A proven record of dealing with complex projects and meeting conflicting demands
* Practical experience in working on data and application system projects
* Strong customer focus and proficiency in prioritizing projects and demands
* Ability to develop policies and procedures in clear, non-technical language
* Excellent communication skills; outstanding analytical, writing, and oral presentation skills;
* Strong analytical and creative mind
* Experience in working in an international business environment
* Strong Information Security Operations, Engineering and/or Architecture experience
* Demonstrated ability to take ownership of and solve problems, and to expeditiously provide requirements which are consistent with sound and ethical business practices, and common sense;
* Ability to think creatively, to supervise multiple and complex matters, and to work independently and effectively with clients, peers, and other parties;
* High degree of competence and familiarity with computers and the internet;
* Outstanding analytical, writing, and oral presentation and communication skills;
* Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner;
* Outstanding strategic planning and management skills;
* Ability to integrate and balance priorities, work activities and resources for the benefit of multiple key stakeholders;
* Strong performance management skills;
* Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences;
* Data Privacy certifications and specialties a plus.
* Available for business travel.
* Must have the legal right to work in the United States
Sterling, Virginia, VA