Third Party Data Security Analyst
Location: Sterling, VA, United States, 20116
Req ID: 2224
Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the company's mission of empowering people to explore their world and satisfy their curiosity.
In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.
Reporting directly to the Director, Information Security Risk Management, the Third Party Data Security Analyst will support the assessment of third party risks. The Analyst assists in ensuring overall adherence to information security policy and standards and implementation of best practices by third parties with whom Discovery engages. Responsibilities will include business-as-usual delivery on risk assessments, contract reviews, consultation, and supporting process improvement efforts.
The Analyst is a technology and process focused security professional with an understanding of data protection threats and mitigating controls. This role requires the ability to understand and assess information security risks posed and clearly communicate those risks to the business. It will apply global IT industry best practices to ensure Discovery uses information security risk management to foster business-enabling insights.
- Work with business to understand services provided by vendor, define scope of assessment and identify associated risks
- Assess vendor controls through document review and information gathering sessions to identify, document, and clearly communicate key deficiencies to the business, using non-technical language
- Coordinate across Information Security teams to incorporate technical reviews into overall assessments
- Monitor corrective action plans against agreed upon timelines and actions and review evidence for closure
- Review contracts to ensure appropriate data security terms, aligned with Discovery policies and standards, are included
- Contribute to the team's continuous improvement efforts by identifying opportunities and supporting implementation
- Support reporting and analytics functions to drive value-add metrics that highlight breakdowns of third party information security risk and team productivity, and identify opportunities for process improvement
- 2-4 years' experience in information security, third party risk management and/or privacy
- Strong understanding of information security threats based on scope of service and controls to mitigate risks
- Comprehensive knowledge of third-party risk concepts and experience in performing vendor risk assessments
- Excellent communication skills, including the ability to present complex topics in clear, non-technical language; outstanding analytical, writing, and oral presentation skills
- Knowledge of privacy compliance programs (e.g., General Data Protection Regulation, California Consumer Privacy Act)
- Proven record of leveraging real-world experiences to identify process improvements and drive their implementation
- Detail-oriented individual with critical thinking, analytical, and problem solving skills
- Demonstrated ability to manage multiple tasks concurrently, be proactive, take ownership of and solve problems, and deliver comprehensive and thoughtful work products
- Active learner - able to enhance personal, professional, and business growth through new knowledge and experiences
- Team-player with a "can do" attitude
- Ability to work collaboratively as part of a team, and across both business and technology functions
- Must have legal right to work in the United States
- Experience in performing data security audits, data privacy audits, reviews, and/or IT/security audits
- Strong working knowledge and experience with data security compliance, control design, and processes
- Experience working in an international business environment with a geographically dispersed team
- Experience with commercial GRC/VRM solutions
- Familiarity with IP network infrastructure (firewalls, intrusion detection/prevention), access control, data encryption, and physical security principles
- Media industry experience a plus, but not required
Certifications: CISSP, CRISC, CISM, CISA, Security Plus
Frameworks/Standards: Knowledge of NIST framework, ISO 2700x, ITIL, and SIG
Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status, disabled status, or genetic information.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.
If you are an individual with a disability and need an accommodation during the application process, please send an email request to HR@discovery.com.