Discovery is a global leader in the media sector, serving passionate fans around the world with content that inspires, informs and entertains.
Discovery delivers over 8,000 hours of original programming each year across deeply loved content genres.
The world is changing all around us. To continue to grow as a business over the coming years, we must look ahead, understand the changing trends and be prepared for what’s to come.
We must get ready for tomorrow today. Join us to be part of the adventure. Discovery inspires people to be the best they can.
Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.
Reporting directly to the Director, Information Security Risk Management, the Senior Information Security Risk Analyst will support the assessment of third-party risks, including risks presented as a result of Mergers & Acquisitions (M&As) and Joint Ventures (JVs).
Assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages.
Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and leading process improvement efforts.
This role requires the ability to understand and assess information security risks posed by third parties and clearly communicate those risks to the business.
It will apply global IT industry best practices to ensure Discovery uses third party information security risk management to foster business-enabling insights.
Support due diligence and risk assessments associated with Mergers & Acquisitions (M&As) and Joint Ventures (JVs)
Work with business to understand the scope of the M&A or JV, define scope of assessment and associated risks
Assess M&A or JV controls against Discovery information security policies and standards to identify, document, and communicate key deficiencies to the business
Report on assessment outcomes, risk level and associated recommendations to remediate issues
Coordinate across Information Security teams to incorporate technical reviews into overall assessment
Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure
Proactively recognize potential information security issues through review and analysis
Coordinate with business and IT teams, as a SME / InfoSec liaison, supporting information security initiatives
Assist in implementing and maintaining tool(s) to manage risk assessments and information security posture
Support implementation of security monitoring capabilities and overall M&A or JV alignment with Discovery information security policies and standards
Participate in the design of IT architecture in order to adapt it to the size of the risk
Collect, report and continuously monitor key risk indicators (KRIs) associated with M&A and JV assets
Effectively utilize reporting and collaboration tools such as JIRA, Confluence, GRC platform
Contribute to the team’s continuous improvement efforts by identifying opportunities and supporting implementation
3-5 years of experience in information security, third party risk management
Experience with Mergers & Acquisitions and Joint Venture information security risk assessments
Excellent English written and verbal communication skills
Previous experience in risk assessments and comprehensive knowledge of third-party risk concepts
In-depth understanding of information security best practices and privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)
Ability to identify and assess IT security controls against Discovery policies and standards and identify and communicate gaps
Ability to work collaboratively as part of a team, and across both business and technology functions
Detail-oriented individual with critical thinking, analytical, and problem solving skills
Demonstrated ability to interact, build relationships, and communicate well with members of team and management
Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills
Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and deliver work products which are consistent with sound and ethical business practices and common sense
Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
Demonstrated ability to work within matrixed resources in a geographically distributed team environment
One or more of the following certifications:
CISSP, CRISC, CISM, CISA, CIPP (US / E), CIPT
Working knowledge and experience in performing IT security, data security, or data privacy audits and reviews
Strong working knowledge and experience with information security compliance, control design, and processes
Experience working in an international business environment with a geographically dispersed team
Experience with commercial GRC solutions
Familiarity with IP network infrastructure (firewalls, intrusion detection / prevention), access control, data encryption, physical security principles and cloud security
Education: Bachelor's degree in Information Security, Computer Science or IT-related field, 3-5 years equivalent experience without a degree
Frameworks / Standards: Knowledge of NIST framework, ISO 27001-2x, ISO 31000, ITIL, COBIT and SIG.