Manager, Technology Risk Management

Warner Media Group California , MD 20619

Posted 1 week ago

Posting Job Description

What part will you play?

Are you interested in being part of the rapidly evolving entertainment industry, helping WB to continue bringing blockbuster films to audiences like the Harry Potter series and Wonder Woman as well as hit televisions shows such as Ellen and This Big Bang Theory? Do you want to design, implement, and operate a risk management program that drives the effective and efficient risk assessment, treatment, and acceptance processes intended to help technology functions identify and mitigate strategic, privacy, technical, and information-security related risks? Do you enjoy identifying and assessing the technical risks associated with large-scale systems implementations and helping to identify solutions toward mitigating those risks? If so, this is the right opportunity for you!

This position will establish and continuously improve upon a risk management program for WB (the studio). This includes defining and implementing processes to identify, evaluate, treat, and communicate risk related to information technology, information security, and privacy. This role will significantly influence controls, governance, and investment in technologies. In order to effectively and efficiently identify and evaluate risks, this position will build and maintain internal relationships to ensure alignment and partnership with key stakeholders across the studio. This position will also manage the policy exceptions process by evaluating all policy exceptions, proposing recommendations for mitigating controls, and evaluating residual risk. This person will be highly visible and influential across the studio, developing dashboards and reports to effectively and efficiently communicate and track risk and remediation activities.

What will you do?

  • You will manage the development and operations of a new Risk Management program, including development and implementation of a methodology and lifecycle that aligns with WM standards, including risk identification and tracking, risk assessment, risk treatment, and communication processes. This also includes identifying requirements, normalizing, and reforming the risk management processes across various domains such as Information Technology, Information Security, and Privacy.

  • You will perform and review risk assessments of cutting-edge system implementations and vendors to identify potential technical operational, security, or compliance weaknesses. This includes assessing the likelihood and impact of risks to recommend remediation prioritization to WB executives.

  • You will drive the risk treatment and acceptance processes, including reviewing remediation activities and policy exceptions.

  • You will deliver exceptional quality by accurately and efficiently maintaining an Executive Risk Register, as well as a technical Risk Register, and periodic reporting of risks/themes to relevant Information Risk Committees. This includes the design, development, and maintenance of relevant reporting dashboards and reports that outline findings, explain risk positions, and recommend ways to control or reduce risk.

  • You will keep informed regarding new compliance requirements to determine impact on the studio's risk exposure and making recommendations to the VP of GRCR for appropriate action.

What do we need from you?

  • Bachelor's degree in Management Information Systems or related discipline preferred

  • GRCP, CRISC, or CRM certification required

  • At least one security certification is preferred (CISSP, CISM, CISA, etc.)

  • Minimum 5 years risk management experience related to IT, Information Security, and Privacy

  • You should have a passion for quality and own the solution, whether it fails or flies.

  • You must have strength of character to believe in and advocate your projects.

  • You must be a problem solver and hold strong and practical techniques to move beyond an impasse.

  • You will be expected to try hard things and learn from mistakes.

  • You should have:

  • Expertise in information technology, information security, and privacy risk management.

  • Experience developing and maintaining risk registers.

  • Experience communicating risks to executives, responsible stakeholders, engineers, and developers.

  • Understanding of governance hierarchy.

  • Understanding of industry standards such as ISO 27001/2, NIST 800-53, and NIST Cybersecurity Framework, and ICS.

  • Experience with PCI DSS v3.x

  • Experience with ISO27001/2

  • Experience with GDPR

  • Experience with common SDLC processes

  • Ability to integrate experience and deep technical/professional knowledge to address complex issues and provide operational guidance.

  • Technically, you must have an understanding of:

  • Cloud-based solutions is required (e.g. Amazon AWS, MS Azure, Level 3, Akamai, etc.).

  • Networking hardware: routers, switches, and load-balancers, particularly F5 and Cisco products is preferable.

  • Commonly used protocols and services is preferred (e.g. SSL, TCP/UDP, WWW, FTP, etc.).

  • Security Incident Response (preferred)

  • You must be able to educate people regarding complex inherent and residual risks.

  • You should be completely reliable; someone the team can count on.

  • Strong client management and communication skills (verbal and written)

  • Must possess the ability to meet deadlines and manage personnel in an efficient manner.

  • Breaks down barriers and work collaboratively with colleagues in other departments or other parts of the business to solve problems.

  • Ability to thrive in a fast-paced and high-pressure environment.

  • Openly share knowledge and learning with others to benefit the entire team and company.

  • Ability to travel (approximately 5%, annually).

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Director Technology Contracts Management

Warner Media Group

Posted 2 days ago

VIEW JOBS 3/22/2019 12:00:00 AM 2019-06-20T00:00 Posting Job Description What part will you play? Warner Bros. Technology seeks a Director, Technology Contracts Management for the Enterprise Technology-Program Services department. This position is the primary relationship role for WB Technologies contract management vendors that encompass in excess of $50m in annual spend. This position will strive to reach optimal contractual models that are measurable by business outcomes and for the maximum benefit of Warner Bros. This position leads efforts in conjunction with WBT Application/Service Owners, Service Providers and WB Legal to manage the creation, negotiation, execution and oversight of highly complex Contracts and their associated Change Orders. This position ensures that Service Providers are adhering to the contractual requirements, operational guidelines and service delivery metrics in their contracts; manages the resolution of service delivery issues; and identifies trends for corrective action. This position oversees the WBT Vendor Management and Project Services teams that manage vendor relationships, provide third party resource management, and execute the procure-to-pay process for the entire WB Technology organization. * Contract Negotiation, Management and Oversight: * Propose business and contracting models to WBT leadership that meet the evolving needs of the technology organization, including Managed Services, Fixed Bid, Managed Capacity, DevOps and Gain Sharing. * Work with the WBT Executives engaging third parties to ensure that contract business terms (e.g. definition of services, deliverables, resources and pricing) are complete and appropriate, in keeping with the governing MSA's, and competitively priced. * For those contracts that span multiple WBT Application/Service Owners, ensure that the deadlines, deliverables and conditions described in those agreements are tracked and met by the Service Providers. * Manage an inventory of all active and in-process contracts and in-process contract change orders. * Work with WBT Application/Service Owners and with WB Legal to organize and monitor all major contract negotiations. * Ensure timely closure of all contract negotiation issues and manage the process through contract/change order execution. * Design and implement processes to ensure that executed contracts flow through the Vendor Management and Project Services pipelines in a timely manner. * Act as the point of escalation for both WBT stakeholders and for Service Providers on service delivery and contractual matters * Service Delivery Operations Management: * Establish and manage operational guidelines used by Service Providers for contractually required Service Level Agreement (SLA) and Key Performance Indicator (KPI) reporting, and for compliance with contractually-defined processes such as Incident, Service Request, Problem and Change Management. * Monitor service delivery quality and compliance through Service Now reporting and through monthly or quarterly performance review meetings. * Manage the onboarding of new Service Providers to WBT tools and operational processes through the Vendor Management, Project Services and Service Now teams. * Work with WBT Application/Service Owners when new applications/services are moved into existing support models to ensure operations are consistent * Financial Management: * Establish and manage the process of maintaining contract pricing schedules and financial projections for use by the WB Finance teams in support of monthly financial close processes. * In addition, manage the process of estimating annual spend on multi-year contracts for budget forecasts and to support the creation of annual Purchase Orders by the Project Services team. * Continuously communicate with the Finance teams on contract changes that have a material effect on department budgets and forecasts. * Knowledge Management: * Conduct periodic training of WBT Executives and teams on service delivery and contract models and their implications. * Maintain self-service training and reference materials related to WBT's major contracts, SLAs, KPIs, and operational guidelines. * Periodically audit Service Providers to ensure that they are maintaining the contractually-required documentation on their SharePoint sites and in Service Now. * Act as the point of contact for questions from WBT Application/Service Owners on contract-related questions. What do we require from you? * Bachelor's degree required; advanced degree is a plus. * 10+ years' experience in delivering application and/or infrastructure technology services. * 7 - 10 years' experience in creating, negotiating and managing highly complex contracts for application and/or infrastructure services either for the company buying the service or for the Service Provider. * Strong MS Office Suite skills, particularly in PowerPoint and Excel (pivot tables, charts). * Operational knowledge of SharePoint as a tool for publishing & sharing information. * Office 365 skills a plus. * Highly complex contractual models related to technology vendor services. * Working knowledge of legal requirements involved with contracts. * Contract development and administration. * Reporting and analysis of operational metrics. * Working knowledge of third-party resource management. * Working knowledge of budget and forecast processes. * Working knowledge of Procure to Pay processes. * Strong team management and personnel development skills. * Keen attention to detail, with an ability to spot errors. * Ability to influence and lead others, without direct reporting relationships. * Very strong verbal and written communication skills, and an ability to interact effectively with all levels of management. * Confident presenter in formal and informal settings. * Ability to multi-task, deal with ambiguity, and manage changing priorities. * Ability to craft solutions that balance broader business needs with timely delivery. * Self-starter who can operate without day-to-day management oversight. * Must be able to communicate effectively and tactfully with all levels of personnel, both in person and on the telephone. * Must be able to pay close attention to complex detail and understand written and oral instructions. * Must be able to organize and schedule work effectively. * Must be able to work well under time constraints. * Must be able to handle multiple tasks with changing priorities, communicating changes in scope and schedule to all parties concerned. * Must be results-oriented. * Must be able to work independently. * Must be able to work flexible hours, including possible overtime, when necessary. * Must be able to maintain confidentiality. Warner Media Group California MD

Manager, Technology Risk Management

Warner Media Group