Full Time Job

Senior Information Security Compliance Analyst

Warner Bros. Discovery

Warsaw, Hungary 03-21-2023
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
What you'll be doing...

Warner Bros. Discovery is hiring a talented Senior Information Security Compliance Analyst to support the Compliance Oversight program globally across the organization. As a member of the Compliance team, you will be a member of the Cyber Security team and will work in partnership with Governance, Risk, Privacy, Financial Compliance, Internal Audit, External Audit, Security Engineering, Legal, Technology, IDAM, HR, and other key partners to ensure compliance with various regulatory and policy requirements. The successful candidate will have experience across multiple compliance domains with experience in security, cyber security, audit process/procedure, risk analysis and mitigation, control testing, and continuous improvement initiatives.

This team focuses on validating that processes are working end-to-end, identifying risk areas and risk treatment/mitigation, as well as participating in projects to understand and determine potential impact to security and regulatory compliance components as well as overall compliance to Security Policies & Standards. You will identify areas of improvement and non-compliance which may result in process changes and/or coaching requests. The Senior Information Security Compliance Analyst will perform and oversee all of our critical compliance programs as well as information security assessment/analysis, mitigation and remediation. You will drive other various initiatives to completion and assist in managing and growing an effective Compliance Program. In addition, you will be responsible for a variety of functions centered on effective implementation of all the elements of a compliance program (project): compliance with applicable laws, rules, and regulations, internal policies and procedures; accepted business practices, ethical standards, and contractual obligations. You will be responsible for areas encompassing both regulatory and non-regulatory compliance, such as SOX, PCI, SSAE 18, issue tracking and remediation, advisory projects, security assessments, and custom compliance assessments. You will lead the development of the compliance assurance process and lifecycle; and oversee cybersecurity controls testing across the organization to determine control effectiveness and adherence to both internal cybersecurity policies and standards and external requirements (e.g. certifications, mandates, regulations and contracts).

Responsibilities:
• Lead the various critical Security & Compliance programs owned by our organization.
• Assist in information security assessment/analysis, mitigation, and remediation. Advise in implementing solutions and mitigation plans for control deficiencies and for regulatory and compliance gaps, and make recommendations for process efficiencies.
• Stay abreast of existing and upcoming regulatory legislation to assess potential impact on the WM compliance programs.
• Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives.
• Participate in the implementation of the Company eGRC system, policies, standards, and processes.
• Lead targeted compliance audits and reviews, communicating results and recommendations in clear and concise written reports; and collaborate with management to ensure corrective actions are implemented effectively.
• Investigate compliance issues and assist with investigation reports.
• Miscellaneous work as necessary to support the compliance function.
• Validate system requirements, flows, and written procedures through testing and observations, and to ensure regulatory compliance operating procedures and controls are working as intended.
• Participate in cross-functional teams to support various regulatory compliance subject matters ensuring that user activities continue to support systematic processes in place and drive positive compliant behaviors or that proposed new system changes fully meet Regulatory, Security and Legal requirements.
• Perform analysis based on the testing results through observations and reports to identify system and process gaps reducing risk for WM.
• Document all work, and findings resulting from testing and communicate to relevant stakeholders within defined standard processes.
• Conduct related ongoing security compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Maintain current knowledge of applicable global, federal, and state information security laws and accreditation standards.
• Make updates to the Integrated Controls Framework (ICF) as agreed with other team members and relevant governance bodies.
• Monitor the effectiveness of the compliance assessment process in accordance with agreed metrics and performance measures to drive continuous improvements.
• Lead compliance assessments including testing to demonstrate the effectiveness of controls, supporting team members to ensure reviews are critical, comprehensive, and thorough.
• Assist leadership in identifying, developing, implementing, and maintaining compliance across the region to protect the privacy, confidentiality, integrity, and availability of data and to reduce security risks.
• Participate in planning to identify new security requirements and/or initiatives required based on the threats and the growing regional needs aligning with the global security program and business requirements.

What we're looking for...

Experience / Education:
• 5 - 7+ years working in security, cyber security, audit, and / or compliance environments in a corporate or consulting capacity, with experience in a highly technical setting.
• Experience defining certification/action plan roadmaps balancing compliance deliverables, business requirements, and resource allocation.
• Bachelor's degree in a technology-related field, or equivalent education-related experience.
• Experience with cross-functional risk, compliance and/or information security disciplines.
• Subject matter expertise in the areas of SOX, PCI, SSAE 18, GDPR and CCPA.
• Experience in project management, along with organizational and planning skills.
• Technical system experience with SAP, Oracle, PeopleSoft, Hyperion, GitHub, Azure DevOps, AWS, and CI/CD and agile methodologies, etc.
• Cloud certification and/or relevant experience assessing security and compliance in the cloud.
• Experience assisting with building compliance programs, including assessing and managing compliance against agreed standards at the level of individual security controls (administrative, technical / logical, physical) for multiple organizations or business units.
• Experience with ServiceNow or Onspring management tools is preferable.

Preferred Qualifications:
• Relevant certification (CISA, CISM, PCIP, CISSP, ISA, etc.) required.
• Having worked as a QSA or ISA in the past is preferable but not required.

Required Skills, Competencies & Personal Attributes:
• Flexibility on working hours. Working hours until 12pm EST (10:00 - 18:00 CET) with some flexibility to attend occasional meetings after 12pm EST (18:00 CET).
• Highly proficient in both spoken and written English.
• You possess the highest integrity commensurate with a compliance & ethics position.
• Demonstrate superior organization & communication skills.
• You produce clear & polished work product, in narrative and visual form.
• You have strong quantitative an

Jobcode: Reference SBJ-g4qknq-3-147-104-248-42 in your application.