Do you want to be part of designing, implementing, and operating a lean and modern risk management program that drives risk assessment, treatment, and acknowledgement processes intended to help technology functions identify and mitigate information-security-related risks? Do you enjoy identifying and assessing the security risks associated with large-scale systems implementations and helping to identify solutions toward mitigating those risks? If so, this is the right opportunity for you!
• The Senior Information Risk Analyst is responsible for designing, enhancing, operating and continuously improving a global strategic and tactical Risk Management Program for the WarnerMedia Cybersecurity Office (CSO).
• This includes processes to identify, evaluate, treat, and communicate risks related to information security.
• The Senior Information Risk Analyst will independently lead, coordinate and track global Risk identification, evaluation, treatment and communication activities with partners from across the organization.
• The Senior Information Risk Analyst will identify and prioritize appropriate security controls to apply to reduce security risk to the organization.
• The Senior Information Risk Analyst will oversee the day-to-day tracking and management of risk in an organizational risk register, and the linking of risks to critical assets and responsible groups within the organization.
• This role will provide input for the development of controls, governance and security investment decisions.
• The Senior Information Risk Analyst must be able to build and maintain internal relationships to ensure alignment and partnership with key stakeholders globally across WarnerMedia.
• The Senior Information Risk Analyst will leverage these global relationships to participate in projects to ensure governance requirements are being considered and mitigated within the design and implementation of systems across the company.
• The Senior Information Risk Analyst will be responsible for managing identified risks by evaluating all submissions against policy requirements, proposing recommendations for mitigating controls, evaluating residual risk, and making recommendations to senior leadership.
• The Senior Information Risk Analyst will also develop dashboards and reports to effectively and efficiently communicate and track strategic risk and remediation activities that will ultimately be reported to the WM CSO leadership.
• (50%) The Risk Principal assesses all Risks submitted by stakeholders globally across all WarnerMedia divisions. They drive reported Risks to full remediation and closure. They also provide tactical recommendations to stakeholders on how to mitigate the level of Risk in the interim. These plans are documented in a Risk Management Agreement (RMA) for tracking and awareness.
• (20%) The Risk Principal oversees the accuracy and completeness of the WM Risk Register by leveraging the eGRC module of the ServiceNow platform.
• (10%) The Risk Principal provides input into CSO Governance and Vendor Risk Management processes.
• (10%) The Risk Principal partners with colleagues and VPs across the business daily to consult on integration of security standards and guidance, and to develop / implement new processes for management of identity, vulnerability, and network issues.
• (10%) The Risk Principal develops periodic status reporting, Key Risk Indicator (KRI) metrics and viewpoints on strategic risk trends across the WM organization for CSO leadership.
Bachelor's degree preferred; Information Systems, Engineering, Mathematics or Cyber Security preferred
7 or more years of industry experience
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of WarnerMedia cyber activities
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to WarnerMedia cyber objectives
• Ability to work across departments and business units to implement WarnerMedia's cybersecurity principles and programs and align privacy objectives with security objectives
• Ability to relate strategy, business, and technology in the context of WarnerMedia's dynamics
• Ability to understand technology, management, and leadership issues related to WarnerMedia processes and problem solving
• Ability to understand the advanced concepts and issues related to cyber and its organizational impact
• Ability to identify critical WarnerMedia systems with information communication technology that were designed without system security considerations
• Knowledge of Risk Management principles
• Knowledge of WarnerMedia's core business/mission processes
• Knowledge of information technology (IT) security and risk management policies, requirements, and procedures
• Knowledge of Personally Identifiable Information (PII) data security standards
• Knowledge of Payment Card Industry (PCI) data security standards
• Knowledge of Personal Health Information (PHI) data security standards
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures
• Knowledge of common Information Security frameworks and Regulatory standards such as NIST, ISO27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR an advantage
• Knowledge of regional Privacy regulations, such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Brazil General Law for the Protection of Personal Data (LGPD)
• Knowledge of confidentiality, integrity, and availability principles
• Knowledge of controls related to the use, processing, storage, and transmission of data
• Familiarity with common Information Security frameworks and Regulatory standards such as NIST, ISO27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR an advantage
• Achievement of industry-relevant security certifications such as CISSP, CISM or CRISC an advantage
• Skill in discerning the protection needs (i.e., security controls) of information systems and networks
• Skill to apply cybersecurity principles to WarnerMedia requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Demonstrable skill in the following areas:
• Risk Management
• Cloud Computing
• Encryption Technologies
• Information Security Management
• Software Security
• Web Application Security
• Technology Advising