Data Security Analyst
Discovery CommunicationsSterling, VA
Full Time Job
As Discovery Inc portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The Data Security Analyst’s primary role is to support and enhance Discovery’s PCI DSS Third-Party Service Providers Due Diligence program, coordinate, run, and document PCI assessment meetings, coordinate deliverables across multiple product teams in different regions, create / modify documentation including diagrams, policies, standards, reports, etc.
In addition, the Data Security Analyst will play a key role in supporting the activities related to managing Discovery’s Data Security Program. The Data Security Analyst is a technology and process focused security professional with an understanding of data protection threats and mitigating controls. They will support the Data Security Team’s interaction with Discovery’s Privacy Office and business stakeholders to develop, enhance, and govern the global data protection program. The Analyst will review, assess, and recommend policy and technical controls to ensure Discovery’s Data Security program is effective.
• Support data security initiatives across both InfoSec Department and Privacy Office.
• Serve as a PCI DSS advisor within Information Security Team, providing specialist knowledge and actionable PCI DSS guidance to the enterprise as it relates to current and future processes, applications, documentation, and products.
• Respond to day-to-day requests from Data Security, Information Security Team, and the CISO such as advising on enterprise-wide initiatives.
• Design, implement, and support GDPR/CCPA/LGPD compliance and data security controls for Discovery Global.
• Proactively recognizes potential data security and compliance issues through reviews and analyses.
• Develop and maintain PII Data Flow Diagrams for new and critical business and IT processes and services.
• Develop and implement data security standard operating procedure (SOP) and enforce requirements.
• Provide data security requirements and guidance on secure software development and deployment.
• Coordinate with business and IT teams, as a SME/InfoSec liaison, supporting data security initiatives.
• Recommend, install, manage, and maintain (e.g., policy, rules, and tuning) Data Security/Privacy Tools (i.e., PET) when deployed and as appropriate.
• Assist with implementation of countermeasures or mitigating data security controls as necessary.
* Bachelor’s degree from an accredited university in business or IT security related discipline.
* 3 years of progressive experience with increasing responsibilities within Information Security Dept. (e.g., Cyber SecOps, Security Architecture & Engineering, and/or Data Security/Forensic Analysis).
* An In-depth understanding of privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act), and Payment Card Industry standards such as Data Security Standard (PCI-DSS), etc.
* Knowledge of data security and privacy enhancing technologies and tools
* Previously maintained and supported a PCI Risk and Compliance program.
* Previous experience in risk assessments and comprehensive knowledge of third-party vendor risk concepts.
* Independent tasking and project completion with little supervision is a must
* Act as a liaison and manage interactions with Discovery’s Qualified Security Assessor (QSA).
* Excellent analytical and problem-solving skills as well as interpersonal skills to interact with users, team members and senior management
* Investigates, interprets, and responds to technical and/or complex IT security data
* Demonstrated ability to work within matrixed resources in a team environment. Possesses strong organizational, time management and diplomacy skills
* Working knowledge and experience in creating policies and technical documents
(SOPs) as necessary
* Must have the legal right to work in the United States
* Desirable certifications include PCI-DSS QSA, CIPP (US/E), CIPT, CIPM, CISSP,
GCFE/GCFA, GCIH, CEH, OSCP, CHFI
* 2 years of data security or security architecture and engineering experience
* 1 years of security experience with cloud security environments
* Working knowledge and experience in leading and performing data security, data
privacy discussions, reviews, and IT/security audits
* Working knowledge and experience in developing and reporting performance and risk
metrics (e.g., KPIs/KRIs – Status Reporting and Dashboard for senior management)
* Strong working knowledge and experience with data security compliance, control
design, and processes