Analyst, IT Security Vendor Risk Mgmt

Job Description

Your New Role

The IT Security Risk Analyst Vendor Risk Mgmt. will support the assessment of information security risks across all of Warner Bros. Discovery's (WBD's) third party suppliers/vendors. This role requires the ability to understand and assess information security risks posed by third parties and clearly communicate those risks to the business. It will apply global IT industry best practices to ensure WBD uses third party information security risk management to foster business-enabling insights.

Your Role Accountabilities
• Use WBD processes and tools to perform 3rd party vendor risk assessments, for new and existing vendors
• Work with business to understand the ''what'' and ''how'' of services provided by vendor to assess level of risk and scope of assessment
• Perform timely assessments of Vendor controls to identify, document, and communicate key deficiencies to the business and Information Security management
• Report on assessment outcomes, risk level and associated recommendations to remediate issues
• Assist with follow-up on documentation requests for initial and periodic assessments
• Monitor corrective action plans against agreed upon timelines
• Review remediation evidence for closure of findings
• Review contracts to ensure appropriate data security terms are included
• Provide comment and acceptable alternatives to vendor contract revisions, in alignment with defined guidance
• Escalate provision changes, as needed
• Assist with contract intake to ensure pipeline of assessments is managed in a timely and efficient manner
• Provide periodic status updates
• Maintain accurate and complete data within the identified system of record
• Contribute to the team's continuous improvement efforts by identifying opportunities and helping to implement them

Qualifications & Experience
• BS/BA degree required
• 3-5 years' experience in information security, with at least one (1) year experience in third party risk management
• Knowledge of IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption and physical security; Cloud security knowledge a plus
• Excellent communication skills, including the ability to communicate effectively in English, both written and verbal
• Ability to present complex topics in clear, non-technical language
• Ability to work collaboratively within team and across business and technology functions
• Detail-oriented individual with critical thinking, analytical, and problem-solving skills
• Demonstrated ability to be proactive and take ownership of and solve problems
• Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
• Ability to handle multiple assignments concurrently within an iterative environment

Desirable
• One or more of the following certifications: CISSP, CRISC, CISA
• 2+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus)
• Familiarity with streaming and similar products/services
• Experience working in a national or global company

Jobcode: Reference SBJ-dy15z3-3-22-51-241-42 in your application.