Analyst - Information Security Risk
Discovery CommunicationsSterling, VA
Full Time Job
Our Information Security Risk Analyst will be responsible for conducting information security assessments. You’ll interpret and apply IT controls in an enterprise environment to identify, document, and communicate key deficiencies to stakeholders and assist them with recommendations to address and solve. This analyst role will maintain familiarity with industry trends and security best practices, as well as contribute to the team’s continuous improvement efforts.
1. Translate business needs and regulatory requirements to successfully implement information security policies, standards and guidelines
2. Evaluate management responses to ensure remediation tasks adequately address identified gaps, and validate evidence before identified risks are closed
3. Develop and report metric scorecards to reflect the level of adoption of security policies and standards, remediation of vulnerabilities, and residual risks
4. Work collaboratively with team members and coordinate across functions to align activities for addressing findings and exceptions
5. Establish and maintain strong working relationships to drive information security awareness and governance within the organization, aligning with enterprise programs and objectives
* Bachelor's degree in Computer Science, Technology, or related fields.
* One or more of the following certifications (or similar): CompTIA Security , GSEC SANS GAIC Security Essentials, CISSP, CISA, CISM
* At least 2-5 years’ experience in information security and/or risk
* Critical thinking, analytical, and project management skills
* Ability to work collaboratively as part of a team, and across both business and technology functions
* Strong oral and written communication skills, including the ability to communicate clear, concise, non-technical and persuasive risk evaluation reports
* Ability to identify, interpret and apply IT security controls in changing environments
* Must have the legal right to work in the United States
Familiarity with one or more of the following is highly desirable:
• Standards / Frameworks (e.g., CoBIT 5, ITIL, ISO 2700x, NIST series 800 guidance)
• IP networks infrastructure (network topology, switches, routers, firewalls, intrusion detection / prevention)
• Windows Active Directory (policies, structure, elements)
• Databases (SQL, Oracle, DB2, monitoring tools)
• Access control (Identity Access Management user access provisioning and recertification.
• Logging (System Event / Audit log collection)
• Data Encryption / Masking techniques (At-rest, in-transit, in-motion)
• Physical security principles
Sterling, Virginia, VA
As Discovery’s portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
From Amsterdam to Singapore and from satellite and broadcast operations to SAP, we are driving Discovery forward on the leading edge of technology.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.