Senior Data Security Analyst
Discovery Communications
Warsaw, MZThis was removed by the employer on 1/8/2021 9:31:00 AM PST
Not to worry we have many other jobs on the site;
Browse all jobs
Browse the IS/IT Category
Search for Senior Data Security Analyst jobs in Warsaw-MZ
Search all Senior Data Security Analyst postings
Full Time Job
Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.
Position Summary
The Sr. Data Security Analyst's primary role is to support Discovery's Technical Security Compliance team. Reporting to the Director, Technical Security Compliance, candidate will support and manage a Global Technical Information Security Compliance Program, working closely with product and technical teams. Interface with global organizations to review and analyze complex systems (applications, OS, databases, and networking devices), to identify risks, threats, and vulnerabilities within the technology environments. The candidate must be able to analyze cardholder, business, and application data flows and accordingly identify associated risks. The candidate must work independently to collect, consolidate and analyze information and artifacts to assess compliance with a variety of applicable security requirements and frameworks (e.g., PCI-DSS, NIST, ISO, etc.) Final reports on compliance must be developed and presented to management and executives to detail the controls and gaps observed during security assessments against relevant requirements. In addition, this role will play a key role in supporting the activities related to managing Discovery's Data Security Program. The candidate must be a people, technology and process-focused security professional with an understanding of data protection controls and risks .
Responsibilities
A specialization in information assurance technical security audits is preferred, with a minimum of five (5) years overall experience, in the following areas of information security:
• Infrastructure (Servers/ Virtualization Devices/ Cloud / Databases) controls.
• Technical (access, network security, logging/monitoring, vulnerability management, system hardening, secure software development, application security, encryption and key management) controls and best practices.
• In-depth experience with PCI DSS and Risk Management Standards (NIST/ISO).
• Support data security initiatives across large organizations
• Serve as a PCI DSS lead, providing specialist knowledge and actionable PCI DSS guidance to the enterprise.
• Design, implement, and support PCI DSS (and any other internal, external, or regulatory information security requirements) compliance and data security controls for Discovery Global.
• Develop and maintain Payment Card Data Flow Diagrams for IT processes and services.
• Develop and implement data security standard operating procedures for the consistent design, implementation, and support of compliance to all applicable security requirements and frameworks.
• Implement and maintain (e.g., policy, rules, and tuning) security compliance tools, as appropriate.
• Assist with implementation of countermeasures or mitigating data security controls, as necessary.
• Manage all Information Security documentation to comply with internal, external, and regulatory requirements.
Requirements
• Minimum of five (5) years overall experience in the areas noted above with a Bachelor's degree from an accredited university in business or IT security related discipline.
• Six (6) years of relevant experience in the areas noted above in lieu of a degree.
• At least one industry certification: CISA, CISSP, CRISC, PCI QSA.
• Excellent English – written and spoken
• Good Project Management and time management skills
• An in-depth understanding of security and compliance programs (e.g., NIST CSF, AICPA TSCs and SOC II Reports, ISO 27001, GDPR, CCPA, PCI-DSS
• Experience in performing IT security risk assessments and/or managing information security audits
• Act as a liaison and manage all assessment/audit requests with Discovery's application / security control owners and third parties
• Working knowledge and experience in creating policies and technical documents
Preferred Qualifications
• 3 years of data security or security architecture and engineering experience
• Working knowledge and experience in developing and reporting performance and risk metrics (e.g., KPIs/KRIs – Status Reporting and Dashboard for senior management)