Full Time Job

Third Party Data Security Analyst


Sterling, VA 03-17-2021
  • Paid
  • Full Time
  • Mid (2-5 years) Experience
Job Description

Reporting directly to the Director, Information Security Risk Management, the Third Party Data Security Analyst will support the assessment of third party risks. The Analyst assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages. Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and supporting process improvement efforts.

The Analyst is a technology and process focused security professional with an understanding of data protection threats and mitigating controls. This role requires the ability to understand and assess information security risks posed and clearly communicate those risks to the business. It will apply global IT industry best practices to ensure Discovery uses information security risk management to foster business-enabling insights.
• Work with business to understand services provided by vendor, define scope of assessment and identify associated risks

• Assess Vendor controls through document review and information gathering sessions to identify, document, and clearly communicate key deficiencies to the business, using non-technical speak

• Coordinate across Information Security teams to incorporate technical reviews into overall assessments

• Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure

• Review contracts to ensure appropriate data security terms, aligned with Discovery policies and standards, are included

• Contribute to the team's continuous improvement efforts by identifying opportunities and supporting implementation

• Support reporting and analytics functions to drive value-add metrics that highlight breakdowns of third party information security risk, team productivity, and identify opportunities for process improvement

• 2-4 years' experience in information security, third party risk management, information security auditing, and/or privacy

• Strong understanding of information security threats based on scope of service and controls to mitigate risks

• Comprehensive knowledge of third-party risk concepts and experience in performing vendor risk assessments

• Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills

• Knowledge of privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)

• Detail-oriented individual with critical thinking, analytical, and problem solving skills

• Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and deliver comprehensive and thoughtful work products

• Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences

• Team player with a "can do" attitude

• Ability to work collaboratively as part of a team, and across both business and technology functions

• Proven record of leveraging real-world experiences to identify process improvements and drive their implementation

• Must have legal right to work in the United States

Preferred Qualifications
• Experience in performing data security audits, data privacy audits, reviews, and/or IT/security audits

• Strong working knowledge and experience with data security compliance, control design, and processes

• Experience working in an international business environment with a geographically dispersed team

• Experience with commercial GRC/VRM solutions

• Familiarity with IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption, and physical security principles

• Media industry experience a plus, but not required

Education: Bachelor's degree in Information Security, Computer Science or IT-related field, or 2-4 years' equivalent experience without a degree

Certifications: CISSP, CRISC, CISM, CISA, Security Plus

Frameworks/Standards: Knowledge of NIST framework, ISO 27001-2x, ITIL, and SIG

Nearest Major Market: Washington DC
Company Profile

Discovery, Inc. is the global leader in real life entertainment. We serve passionate fans with content that inspires, informs, and entertains, providing leadership across deeply loved and trusted brands, such as Discovery Channel, TLC, Animal Planet, HGTV, Food Network, and Travel Channel.