Sr Third Party Data Security Analyst

Job Description

Overview

Reporting directly to the Director, Information Security Risk Management, the Senior Third Party Data Security Analyst will support the assessment of third party risks. Assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages. Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and leading process improvement efforts.

In addition, this role will support activities related to managing Discovery’s Data Security Program, with a primary focus on privacy. The Analyst is a technology and process focused security professional with an understanding of data protection threats and mitigating controls. They will support the Information Security Data Security Team’s interaction with Discovery’s Privacy Office and business stakeholders to develop, enhance, and govern the global data protection program; reviewing, assessing, and recommending policy and technical controls to ensure Discovery’s Data Security Program is effective.

This role requires the ability to understand and assess information security risks posed and clearly communicate those risks to the business. It will apply global IT industry best practices to ensure Discovery uses information security risk management to foster business-enabling insights.

Responsibilities
• Work with business to understand services provided by vendor, define scope of assessment and associated risks
• Assess Vendor controls to identify, document, and clearly communicate key deficiencies to the business with non-technical speak
• Coordinate across Information Security teams to incorporate technical reviews into overall assessments
• Report on assessment outcomes, risk level and associated recommendations to remediate issues
• Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure
• Review contracts to ensure appropriate data security terms, aligned with Discovery policies and standards, are included
• Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure
• Support data security initiatives across both InfoSec Department and Privacy Office
• Proactively recognize potential data security and compliance issues through review and analysis
• Coordinate with business and IT teams, as a SME/InfoSec liaison, supporting data security initiatives
• Assist in implementing and maintaining a tool(s) to manage risk assessments
• Contribute to the team's continuous improvement efforts by identifying opportunities and leading implementation
• Support reporting and analytics functions to drive value-add metrics that highlight breakdowns of third party information security risk, team productivity, and identify opportunities for process improvement
• Assist in documenting and maintaining operating procedures

Requirements
• 5-7 year's experience in information security, third party risk management and/or privacy
• Ability to identify, and assess IT security controls against Discovery policies and standards and identify and communicate gaps
• Comprehensive knowledge of third-party risk concepts and experience in performing vendor risk assessments
• Strong understanding of privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)
• Ability to work collaboratively as part of a team, and across both business and technology functions
• Proven record of leveraging real-world experiences to identify process improvements and drive their implementation
• Detail-oriented individual with critical thinking, analytical, and problem solving skills
• Demonstrated ability to interact, build relationships, and communicate well with members of team and management
• Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills
• Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and to deliver work products which are consistent with sound and ethical business practices, and common sense;
• Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
• Team-player with a ''can do'' attitude, capable of providing support to junior members of the team
• Must have legal right to work in the United States

Nearest Major Market: Washington DC

Jobcode: Reference SBJ-d5b4p1-3-143-228-40-42 in your application.