Senior Infosec Risk Analyst
Discovery Communications
Warsaw, MZ
This was removed by the employer on 2/11/2021 7:32:00 AM PST
Full Time Job
Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.
Reporting directly to the Director, Information Security Risk Management, the Senior Information Security Risk Analyst will support the assessment of third-party risks, including risks presented as a result of Mergers & Acquisitions (M&As) and Joint Ventures (JVs). Assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages. Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and leading process improvement efforts.
This role requires the ability to understand and assess information security risks posed by third parties and clearly communicate those risks to the business. It will apply global IT industry best practices to ensure Discovery uses third party information security risk management to foster business-enabling insights.
Responsibilities
• Support due diligence and risk assessments associated with Mergers & Acquisitions (M&As) and Joint Ventures (JVs)
• Work with business to understand the scope of the M&A or JV, define scope of assessment and associated risks
• Assess M&A or JV controls against Discovery information security policies and standards to identify, document, and communicate key deficiencies to the business
• Report on assessment outcomes, risk level and associated recommendations to remediate issues
• Coordinate across Information Security teams to incorporate technical reviews into overall assessment
• Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure
• Proactively recognize potential information security issues through review and analysis
• Coordinate with business and IT teams, as a SME/InfoSec liaison, supporting information security initiatives
• Assist in implementing and maintaining tool(s) to manage risk assessments and information security posture
• Support implementation of security monitoring capabilities and overall M&A or JV alignment with Discovery information security policies and standards
• Participate in the design of IT architecture in order to adapt it to the size of the risk
• Collect, report, and continuously monitor key risk indicators (KRIs) associated with M&A and JV assets
• Effectively utilize reporting and collaboration tools such as JIRA, Confluence, GRC platform
• Contribute to the team's continuous improvement efforts by identifying opportunities and supporting implementation
Requirements
• 3-5 years of experience in information security, third party risk management
• Experience with Mergers & Acquisitions and Joint Venture information security risk assessments
• Excellent English written and verbal communication skills
• Previous experience in risk assessments and comprehensive knowledge of third-party risk concepts
• In-depth understanding of information security best practices and privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)
• Ability to identify and assess IT security controls against Discovery policies and standards and identify and communicate gaps
• Ability to work collaboratively as part of a team, and across both business and technology functions
• Detail-oriented individual with critical thinking, analytical, and problem solving skills
• Demonstrated ability to interact, build relationships, and communicate well with members of team and management
• Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills
• Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and deliver work products which are consistent with sound and ethical business practices and common sense
• Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
• Demonstrated ability to work within matrixed resources in a geographically distributed team environment
Preferred Qualifications
• One or more of the following certifications:
• CISSP, CRISC, CISM, CISA, CIPP (US/E), CIPT
• Working knowledge and experience in performing IT security, data security, or data privacy audits and reviews
• Strong working knowledge and experience with information security compliance, control design, and processes
• Experience working in an international business environment with a geographically dispersed team
• Experience with commercial GRC solutions
• Familiarity with IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption, physical security principles and cloud security
Education:
Bachelor's degree in Information Security, Computer Science or IT-related field, 3-5 years equivalent experience without a degree
Frameworks/Standards: Knowledge of NIST framework, ISO 27001-2x, ISO 31000, ITIL, COBIT and SIG.