Posting Job Description
What part will you play?
Are you interested in being part of the rapidly evolving entertainment industry, helping WB to continue bringing blockbuster films to audiences like the Harry Potter series and Wonder Woman as well as hit televisions shows such as Ellen and This Big Bang Theory? Do you want to design, implement, and operate a risk management program that drives the effective and efficient risk assessment, treatment, and acceptance processes intended to help technology functions identify and mitigate strategic, privacy, technical, and information-security related risks? Do you enjoy identifying and assessing the technical risks associated with large-scale systems implementations and helping to identify solutions toward mitigating those risks? If so, this is the right opportunity for you!
This position will establish and continuously improve upon a risk management program for WB (the studio). This includes defining and implementing processes to identify, evaluate, treat, and communicate risk related to information technology, information security, and privacy. This role will significantly influence controls, governance, and investment in technologies. In order to effectively and efficiently identify and evaluate risks, this position will build and maintain internal relationships to ensure alignment and partnership with key stakeholders across the studio. This position will also manage the policy exceptions process by evaluating all policy exceptions, proposing recommendations for mitigating controls, and evaluating residual risk. This person will be highly visible and influential across the studio, developing dashboards and reports to effectively and efficiently communicate and track risk and remediation activities.
What will you do?
You will manage the development and operations of a new Risk Management program, including development and implementation of a methodology and lifecycle that aligns with WM standards, including risk identification and tracking, risk assessment, risk treatment, and communication processes. This also includes identifying requirements, normalizing, and reforming the risk management processes across various domains such as Information Technology, Information Security, and Privacy.
You will perform and review risk assessments of cutting-edge system implementations and vendors to identify potential technical operational, security, or compliance weaknesses. This includes assessing the likelihood and impact of risks to recommend remediation prioritization to WB executives.
You will drive the risk treatment and acceptance processes, including reviewing remediation activities and policy exceptions.
You will deliver exceptional quality by accurately and efficiently maintaining an Executive Risk Register, as well as a technical Risk Register, and periodic reporting of risks/themes to relevant Information Risk Committees. This includes the design, development, and maintenance of relevant reporting dashboards and reports that outline findings, explain risk positions, and recommend ways to control or reduce risk.
You will keep informed regarding new compliance requirements to determine impact on the studio's risk exposure and making recommendations to the VP of GRCR for appropriate action.
What do we need from you?
Bachelor's degree in Management Information Systems or related discipline preferred
GRCP, CRISC, or CRM certification required
At least one security certification is preferred (CISSP, CISM, CISA, etc.)
Minimum 5 years risk management experience related to IT, Information Security, and Privacy
You should have a passion for quality and own the solution, whether it fails or flies.
You must have strength of character to believe in and advocate your projects.
You must be a problem solver and hold strong and practical techniques to move beyond an impasse.
You will be expected to try hard things and learn from mistakes.
You should have:
Expertise in information technology, information security, and privacy risk management.
Experience developing and maintaining risk registers.
Experience communicating risks to executives, responsible stakeholders, engineers, and developers.
Understanding of governance hierarchy.
Understanding of industry standards such as ISO 27001/2, NIST 800-53, and NIST Cybersecurity Framework, and ICS.
Experience with PCI DSS v3.x
Experience with ISO27001/2
Experience with GDPR
Experience with common SDLC processes
Ability to integrate experience and deep technical/professional knowledge to address complex issues and provide operational guidance.
Technically, you must have an understanding of:
Cloud-based solutions is required (e.g. Amazon AWS, MS Azure, Level 3, Akamai, etc.).
Networking hardware: routers, switches, and load-balancers, particularly F5 and Cisco products is preferable.
Commonly used protocols and services is preferred (e.g. SSL, TCP/UDP, WWW, FTP, etc.).
Security Incident Response (preferred)
You must be able to educate people regarding complex inherent and residual risks.
You should be completely reliable; someone the team can count on.
Strong client management and communication skills (verbal and written)
Must possess the ability to meet deadlines and manage personnel in an efficient manner.
Breaks down barriers and work collaboratively with colleagues in other departments or other parts of the business to solve problems.
Ability to thrive in a fast-paced and high-pressure environment.
Openly share knowledge and learning with others to benefit the entire team and company.
Ability to travel (approximately 5%, annually).
Warner Media Group