Manager-Information Security Vendor Risk Management

Key Skills

Aartificial intelligence, Cloud computing, Cyber Security, Google sheets, IaaS, KPIs, Leadership, Microsoft Office suites, Microsoft-Excel, PaaS, Powerpoint, Presentation skills, SaaS

Job Description

Your New Role...

Warner Bros. Discovery (WBD) is hiring a talented Manager-Information Security Vendor Risk Management who will be a part of the Global Information and Content Security (GICS) Vendor Risk Management (VRM) team supporting the organization across all domestic and international brands and divisions.

As a member of the VRM team you will work in partnership with key partners and stakeholders such as Legal, Privacy, and Procurement, to ensure information/data security risks are accurately assessed and contract language appropriately protects WBD from information security risks posed by supplier services. The Manager-Information Security Vendor Risk Management will also drive various initiatives to completion and assist in managing and growing an effective Vendor Risk Management Program. The successful candidate will have experience with understanding and assessing third party information security/technical risks and controls, performing data security contract reviews, solid knowledge in areas such as cloud security, network security, application security and vulnerability management, as well as experience with continuous improvement initiatives.

Your Role Accountabilities.

MANAGEMENT

• Manage assessment intake and oversight to ensure pipeline of assessments is managed in a timely and efficient manner.
• Oversee day-to-day activities of junior team members and consultants.
• Contribute to the team’s continuous improvement efforts by identifying opportunities and owning the development and implementation
• Primary back-up to Senior Director

RISK ASSESSMENTS

• Work with business to understand the “what” and “how” of supplier services to accurately assess level of risk and scope of assessment
• Perform timely assessments of supplier controls to identify, document, and communicate key deficiencies to the business and Information Security management
• Coordinate across Information Security teams to incorporate technical reviews into overall assessment (as needed)
• Report on assessment outcomes, risk level and associated recommendations to remediate issues
• Escalate issues, as needed
• Perform 2nd-level peer reviews of assessment outputs, prior to reports being finalized, to drive consistency and completeness of findings based on risk of engagement
• Support periodic re-assessment activities to ensure supplier adherence to data and content security requirements and to assess evolving risks and current threats

FINDINGS MANAGEMENT, REPORTING & ANALYTICS

• Monitor supplier corrective action plans against agreed upon timelines
• Review supplier remediation evidence for closure of findings
• Monitor the effectiveness of the VRM process in accordance with agreed metrics and performance measures to drive continuous improvements
• Assist with development and reporting of Key Performance Indicator metrics
• Maintain timely, accurate, and complete data within the identified system of record

CONTRACT REVIEWS

• Review contracts to ensure appropriate data security terms are included to protect WBD from data and content security risks
• Provide comment and acceptable alternatives to vendor contract revisions, in alignment with defined guidance
• Escalate provision changes, as needed

STRATEGY

• Stay abreast of existing and upcoming regulatory legislation and oversight requirements in order to assess potential impacts to the WBD VRM program.
• Assist in creation of comprehensive and meaningful strategy presentations for senior executives
• Document roadmaps for key initiatives and programs
• Ability to contribute to building a framework and drive development for ongoing business planning and goal measurement through KPIs

Qualifications & Experience...

• BS/BA degree required
• Relevant certification (Security+,CISSP, CISA, CISM, CRISC)
• 8+ years working in information security and/or third party risk management, with experience in a technical setting
• 3+ years performing third party risk assessments
• Strong knowledge of cloud-based models (SaaS, PaaS, IaaS) and technologies used to implement controls within these environments, network security, application security, and vulnerability management.
• Knowledge of controls frameworks and industry standard frameworks (NIST CSF, SSAE 18/SOC, ISO, etc.)
• Experience in identifying risk-based issues and working across organizations to remediate.
• Able to work independently, flexible and adaptive and demonstrate a passion to operate in a dynamic and fast-growing environment.
• Ability to work collaboratively within and across teams, including Privacy, Legal, Procurement, and the business
• Detail-oriented individual with organizational, critical thinking, analytical, and problem solving skills; able to maintain a balance between the details and the larger picture
• Excellent written and verbal communication skills, with the ability to present complex topics in clear, non-technical language
• Ability to handle multiple assignments concurrently and reprioritize as needed
• Demonstrated ability to be proactive, take ownership of and solve problems
• Active learner - able to proactively enhance personal, professional, and business growth through new knowledge and experiences
• Comfortable working in highly iterative environment
• Strong leadership, project, and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments.
• Expert user of Microsoft Office (Excel, PowerPoint, Word) to prepare all documents, presentations, graphs, briefings, and worksheets

 The Nice to Haves

• 3+ years of Big 4 experience in a related field
• 3+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience)
• Knowledge of and passion for media, entertainment, and technology industries (including key players, growth trends and drivers, new media models, industry structure, etc.)
• Familiarity with ad tech, AI, streaming and similar products/services
• Experience working in a national or global company.