Sr. Manager, Risk Management
United States - California - Burbank, United States - Georgia - Atlanta, United States - New York - New York
May. 21, 2020
Company OverviewWarnerMedia is a leading media and entertainment company that creates and distributes premium and popular content from a diverse array of talented storytellers and journalists to global audiences through its consumer brands including: HBO, HBO Now, HBO Max, Warner Bros., TNT, TBS, truTV, CNN, DC Entertainment, New Line, Cartoon Network, Adult Swim, Turner Classic Movies and others.
Opportunity OverviewThe Job
Do you want to be part of designing, implementing, and operating a lean and modern risk management program that drives risk assessment, treatment, and acceptance processes intended to help technology functions identify and mitigate information-security related risks? Do you enjoy identifying and assessing the security risks associated with large-scale systems implementations and helping to identify solutions toward mitigating those risks? If so, this is the right opportunity for you! This position is responsible for establishing, enhancing, running, and continuously improving a risk management program for WarnerMedia.
- This includes processes to identify, evaluate, treat, and communicate risk related to information security.
- They will identify and track high-risk assets/hosts and prioritization of controls applied to those assets.
- They will track and manage risk by developing and maintaining a risk register and linking it to responsible groups within the organization and the critical assets list.
- Their role will influence controls, governance, and investment in technologies.
- In order to effectively and efficiently identify and evaluate risks, this position is responsible for building and maintaining internal relationships to ensure alignment and partnership with key stakeholders across the Studio.
- This person will leverage these relationships to participate in projects in order to ensure governance requirements are being considered and mitigated within the design and implementation of systems across the company.
- They will also be responsible for the risk exceptions process by evaluating all policy exceptions, proposing recommendations for mitigating controls, evaluating residual risk, and making recommendations to senior leadership.
- This person will also develop dashboards and reports to effectively and efficiently communicate and track risk and remediation activities that will ultimately be reported the WM Information Security Risk Committee (IRC).
- Total +10 years of experience Minimum 4 years risk management experience
- Minimum 4 years of experience in Information Security
- Experience with SOX, GDPR/ CCPA, and PCI DSS
- Understanding of ISO, NIST, and other industry standards in Information Security, Privacy, and IT Compliance
- Experience building and maturing complex programs from scratch
- Experiencing staging transformational maturity for complex programs
- Bachelor's degree in Management Information Systems or related discipline preferred
- At least one security certification is preferred (CISSP, CISM, CISA, GSEC, GISF, GPEN, GWAPT, GCIH, GCIA or GCUX or equivalent)