Senior InfoSec Risk Analyst
Warsaw, MZ, PL
6 d. temu

Discovery is a global leader in the media sector, serving passionate fans around the world with content that inspires, informs and entertains.

Discovery delivers over 8,000 hours of original programming each year across deeply loved content genres.

The world is changing all around us. To continue to grow as a business over the next years we must look ahead, understand the changing trends and be prepared for that what’s to come.

We must get ready for tomorrow today. Join us to be part of the adventure. Discovery inspires people to be the best they can.

Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.

Reporting directly to the Director, Information Security Risk Management, the Senior Information Security Risk Analyst will support the assessment of third-party risks, including risks presented as a result of Mergers & Acquisitions (M&As) and Joint Ventures (JVs).

Assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages.

Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and leading process improvement efforts.

This role requires the ability to understand and assess information security risks posed by third parties and clearly communicate those risks to the business.

It will apply global IT industry best practices to ensure Discovery uses third party information security risk management to foster business-enabling insights.


  • Support due diligence and risk assessments associated with Mergers & Acquisitions (M&As) and Joint Ventures (JVs)
  • Work with business to understand the scope of the M&A or JV, define scope of assessment and associated risks
  • Assess M&A or JV controls against Discovery information security policies and standards to identify, document, and communicate key deficiencies to the business
  • Report on assessment outcomes, risk level and associated recommendations to remediate issues
  • Coordinate across Information Security teams to incorporate technical reviews into overall assessment
  • Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure
  • Proactively recognize potential information security issues through review and analysis
  • Coordinate with business and IT teams, as a SME / InfoSec liaison, supporting information security initiatives
  • Assist in implementing and maintaining tool(s) to manage risk assessments and information security posture
  • Support implementation of security monitoring capabilities and overall M&A or JV alignment with Discovery information security policies and standards
  • Participate in the design of IT architecture in order to adapt it to the size of the risk
  • Collect, report and continues monitor of key risk indicators (KRI) associated with M&A and JV assets
  • Effectively utilize reporting and collaboration tools such as JIRA, Confluence, GRC platform
  • Contribute to the team’s continuous improvement efforts by identifying opportunities and supporting implementation
  • Requirements

  • 3-5 years of experience in information security, third party risk management
  • Experience with Mergers & Acquisitions and Joint Venture information security risk assessments
  • Excellent English written and verbal communication skills
  • Previous experience in risk assessments and comprehensive knowledge of third-party risk concepts
  • In-depth understanding of information security best practices and privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)
  • Ability to identify, and assess IT security controls against Discovery policies and standards and identify and communicate gaps
  • Ability to work collaboratively as part of a team, and across both business and technology functions
  • Detail-oriented individual with critical thinking, analytical, and problem solving skills
  • Demonstrated ability to interact, build relationships, and communicate well with members of team and management
  • Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills
  • Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and to deliver work products which are consistent with sound and ethical business practices, and common sense;
  • Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
  • Demonstrated ability to work within matrixed resources in a geographically distributed team environment
  • Preferred Qualifications

  • One or more of the following certifications :
  • Working knowledge and experience in performing IT security, data security, or data privacy audits and reviews
  • Strong working knowledge and experience with information security compliance, control design, and processes
  • Experience working in an international business environment with a geographically dispersed team
  • Experience with commercial GRC solutions
  • Familiarity with IP network infrastructure (firewalls, intrusion detection / prevention), access control, data encryption, physical security principles and cloud security
  • Education : Bachelors degree in Information Security, Computer Science or IT-related field , 3-5 years equivalent experience without a degree

    Frameworks / Standards : Knowledge of NIST framework, ISO 27001-2x, ISO 31000, ITIL, COBIT and SIG.

    Zgłoś tę pracę

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Mój adres email
    Klikając przycisk "Kontynuuj", wyrażam zgodę neuvoo na przetwarzanie moich danych i wysyłanie powiadomień e-mailem, zgodnie z zasadami przedstawionymi przez neuvoo. W każdej chwili mogę wycofać moją zgodę lub zrezygnować z subskrypcji.
    Formularz wniosku