VP - Information Security

Position Summary

Our Team/Summary
As Discovery Communications’ portfolio continues to grow – around the world and across platforms – the Global Technology & Operations (GT&O) team is building media technology and IT systems that meet the world-class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

From Amsterdam to Singapore and from satellite and broadcast operations to SAP, we are driving Discovery forward on the leading edge of technology.

 

Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals who use the latest tools and resources to protect everything from the assets within our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

 

The Role
This Vice President leadership role calls for a self-starter who is able to initiate and successfully drive programs and projects to completion with little management supervision. This role will report to Discovery's CISO and work with various Business Leaders and applicable stakeholders to lead the coordination of relevant and consistent reporting that represents the risk posture of the business units, in order to facilitate and garner support for Information Security initiatives across the enterprise. The individual will work to ensure information security risks are proactively managed and effectively controlled, mitigated and/or remediated with Senior Business leaders' support and buy-in. The VP of Business Information Security (BIS) will work to ensure Discovery's information is protected by effectively applying the Confidentiality, Integrity and Availability framework as required by Discovery's policy and standards. The VP, BIS will partner with the business to ensure information risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program. The incumbent will also work with the business to recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes. As needed, the VP will work with application development organizations to assist in the development of strategies and plans for improving both architecture and application security. In this role it is necessary to ensure the technology is in compliance with Information Security standards and meets the specific business goals.

Responsibilities

1. Responsible for end-to-end information security work for assigned businesses.
2. Prepares information security reports for Senior Management summarizing the risk posture of the business line.
3. Interprets and translates the information security requirements of the business Info Sec program into technical requirements.
4. Monitors changes in the risk profile of the highly critical systems. Provides ad-hoc security advice. Supports risk assessments whenever technical expertise is required.
5. Assists the system development and/or the Security Incident Response Teams in the investigation of incidents, and infrastructure units in identifying information security risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance.
6. Responds to security events by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information or value.
7. Provides guidance preparing for audits, resolving audit findings and ensuring closure. Reports information security non-compliance issues to the Business as applicable with appropriate documentation. Recommends and facilitates implementation of security solutions according to Discovery’s Information Security Policy, Standards, and baselines.
8. Helps to determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.
9. Develop and maintain strong business and technology relationships, becoming a trusted partner to the aligned business and technology partners.
10. Partner with the business Operational Risk functions to establish an understanding of the business’ appetite and tolerance for risk. Partner with business and technology to complete their IT risk control agenda, leveraging internal resources and processes as appropriate.
11. Partner with the rest of the Information Security organization to ensure program consistency, develop information security risk strategies, implement action plans, and recommend policy and procedural changes for risk avoidance and mitigation.
12. Provide subject matter expertise, guidance and direction into Information Technology policy, standards and controls and Information Security programs.
13. Communicate the practical implications of IT risk treatment decisions to business and technology individuals.
14. Track risk mitigation activities to ensure accurate and appropriate reporting, so that leadership is informed in a timely manner.
15. Build a culture and climate focused on the pro-active awareness of, and continuous improvement in, the technology risk environment.

 

Requirements

BS degree in Information Security/Computer Science/Electrical, Mechanical Engineering/Information Technology. An advanced degree in a relevant business area is desired and will be considered a positive.
7+ years hands-on experience in Information Security with demonstrable, game-changing accomplishments in the Information Security area.
Demonstrable superior communication skills at all levels and within the user community as well as with technology staff; specifically, the ability to translate “technical jargon” into common business language is a must, so the incumbent must have proven experience communicating with, and influencing, senior business and technology leaders.
At least one Industry related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or Certified Information Systems Security Professional (CISSP) is highly desired.
Minimum 5-10 years' experience working within the information security and IT Risk fields required.
Minimum 5 years' experience in a leadership and management role, leading IT Security objectives and processes, required.
Excellent verbal and written communication skills enabling the candidate to prepare and present to all areas of the business line, including senior management.
Knowledge of industry-recognized information security-related standards such as ISO 2700x, COBIT, PCI-DSS.
Basic understanding of applications, network, operating system, and core infrastructure security concepts and concerns.
Strong client relationship and leadership skills.
Highly self-motivated/works independently. Strong organization skills. Detail-oriented, committed to quality.
Forward and creative thinking and planning. CISA, CISSP, CRISC certifications a plus.

* Must have legal right to work in the United States

