Lead Software Engineer in Test
Paramount+
Warsaw, Polska
Discovery is a global leader in the media sector, serving passionate fans around the world with content that inspires, informs and entertains. Discovery delivers over 8,000 hours of original programming each year across deeply loved content genres.
The world is changing all around us. To continue to grow as a business over the next years we must look ahead, understand the changing trends and be prepared for that what's to come. We must get ready for tomorrow today. Join us to be part of the adventure. Discovery inspires people to be the best they can.
Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.
Position Summary
The Sr. Data Security Analyst's primary role is to support Discovery's Technical Security Compliance team. Reporting to the Director, Technical Security Compliance, candidate will support and manage a Global Technical Information Security Compliance Program, working closely with product and technical teams. Interface with global organizations to review and analyze complex systems (applications, OS, databases, and networking devices), to identify risks, threats, and vulnerabilities within the technology environments. The candidate must be able to analyze cardholder, business, and application data flows and accordingly identify associated risks. The candidate must work independently to collect, consolidate and analyze information and artifacts to assess compliance with a variety of applicable security requirements and frameworks (e.g., PCI-DSS, NIST, ISO, etc.) Final reports on compliance must be developed and presented to management and executives to detail the controls and gaps observed during security assessments against relevant requirements. In addition, this role will play a key role in supporting the activities related to managing Discovery's Data Security Program. The candidate must be a people, technology and process-focused security professional with an understanding of data protection controls and risks .
Responsibilities
A specialization in information assurance technical security audits is preferred, with a minimum of five (5) years overall experience, in the following areas of information security:
• Infrastructure (Servers/ Virtualization Devices/ Cloud / Databases) controls.
• Technical (access, network security, logging/monitoring, vulnerability management, system hardening, secure software development, application security, encryption and key management) controls and best practices.
• In-depth experience with PCI DSS and Risk Management Standards (NIST/ISO).
• Support data security initiatives across large organizations
• Serve as a PCI DSS lead, providing specialist knowledge and actionable PCI DSS guidance to the enterprise.
• Design, implement, and support PCI DSS (and any other internal, external, or regulatory information security requirements) compliance and data security controls for Discovery Global.
• Develop and maintain Payment Card Data Flow Diagrams for IT processes and services.
• Develop and implement data security standard operating procedures for the consistent design, implementation, and support of compliance to all applicable security requirements and frameworks.
• Implement and maintain (e.g., policy, rules, and tuning) security compliance tools, as appropriate.
• Assist with implementation of countermeasures or mitigating data security controls, as necessary.
• Manage all Information Security documentation to comply with internal, external, and regulatory requirements.
Requirements
• Minimum of five (5) years overall experience in the areas noted above with a Bachelor's degree from an accredited university in business or IT security related discipline.
• Six (6) years of relevant experience in the areas noted above in lieu of a degree.
• At least one industry certification: CISA, CISSP, CRISC, PCI QSA.
• Excellent English – written and spoken
• Good Project Management and time management skills
• An in-depth understanding of security and compliance programs (e.g., NIST CSF, AICPA TSCs and SOC II Reports, ISO 27001, GDPR, CCPA, PCI-DSS
• Experience in performing IT security risk assessments and/or managing information security audits
• Act as a liaison and manage all assessment/audit requests with Discovery's application / security control owners and third parties
• Working knowledge and experience in creating policies and technical documents
Preferred Qualifications
• 3+ years of data security or security architecture and engineering experience
• Working knowledge and experience in developing and reporting performance and risk metrics (e.g., KPIs/KRIs – Status Reporting and Dashboard for senior management)
Jobcode: Reference SBJ-r74yeq-18-207-163-25-42 in your application.
Discovery, Inc. is the global leader in real life entertainment. We serve passionate fans with content that inspires, informs, and entertains, providing leadership across deeply loved and trusted brands, such as Discovery Channel, TLC, Animal Planet, HGTV, Food Network, and Travel Channel.