Information Security Risk Manager

Company Overview: Every great story has a new beginning. As a premier global media and entertainment company, we offer audiences the world's most differentiated and complete portfolio of content, brands and franchises across television, film, sports, news, streaming and gaming. We're home to the world's best storytellers, creating world-class products for consumers. We are bringing together the scripted and the unscripted, the local and the global, the timely and the timeless. Taking the world's greatest possibilities and making them a reality. Creating impact, inspiring imagination, and building connections. Here you can succeed, here you are supported, here you are celebrated. From brilliant creatives to technology trailblazers and beyond, join us as we step into the next chapter.Position Overview:

• The Information Security Risk Manager will lead day-to-day operations around managing identified security risks to the organization.
• They will oversee design and execution of the company risk management program, evaluate security risks and provide guidance on appropriate risk mitigation activities with minimal oversight.
• The Manager will lead and coach a team of Information Security Risk Analysts, and be responsible for supporting development of their technical security skills.
• The Manager will proactively build and maintain relationships with business and technical stakeholders, by acting as a trusted advisor for security risk inquiries and concerns.

• Responsibilities: Lead identification, assessment and remediation activities for potential information security risks to the company and its operations.
• Direct business and technical representatives to identify and evaluate mitigating factors and remediation plans for addressing security risks to the organization.
• Design, implement and drive information security risk management processes using company tools and technologies.
• Build and maintain internal relationships to ensure alignment and partnership with key stakeholders globally across Warner Bros Discovery Develop and maintain the company-wide information security risk register.
• Prepare and present reporting to senior GICS leadership on security issues and developing security risks to the organization.
• Act as a point of contact for information security risk and compliance inquiries.
• Design and execute scheduled and ad-hoc information security risk assessments of company initiatives, products and departments against corporate policies and security best practices.
• Provide subject matter expertise on the design and implementation of technical security controls to address known risks and non-compliances

• Bachelor's degree or above required, ideally in Information Systems, Cyber Security or a related discipline.
• 7 or more years of experience in designing, implementing and assessing information security and compliance programs required.
• Ability to build and maintain relationships with a diverse range of stakeholders globally required.
• Past experience in communicating technical security topics to non-technical audiences and senior executives required.
• Past experience in associating technical security issues to business objectives and operational impacts required.
• Past experience in evaluating the design effectiveness of technical security controls required.
• Past experience building and executing risk assessments of security controls required.
• Past experience with common Information Security frameworks and Regulatory standards such as NIST, ISO27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR required.
• Past experience with implementing and utilizing GRC tools required Familiarity with secure development principles for operating systems, databases, applications and network infrastructure required.
• Familiarity with vendor security assessment techniques required.
• Familiarity with vulnerability management techniques required.
• Familiarity with secure cloud configuration principles for AWS, Azure or Google Cloud environments required.
• Familiarity with common Privacy regulations such as GDPR and CCPA preferred.
• Familiarity with production and broadcast environments preferred Achievement of one or more industry-relevant security certifications such as CISSP, CISM or CRISC preferred.
• Familiarity with secure application development practices an advantage.
• Familiarity with common encryption technologies an advantage.
• Familiarity with firewall technologies such as Palo Alto an advantage