Information Security Officer
About the Job
WarnerMedia seeks an Information Security Officer for the GTO - ISO department.
The Business Information Security Officer, reporting to the Director, Business Information Security Officer, will help support discreet businesses and technology organizations to improve their information security posture. The role must also act as an evangelist of the company's information security policies, best practices and compliance obligations and will assist with performing risk and compliance assessments and serving as a liaison between the business and WarnerMedia's information security teams.
BISOs will also coordinate general risk/gap assessments and policy exceptions with the Security Policy and Compliance team and major roadmap activities with the Security Program Management team.
- Proactively identify information security risks, opportunities and recommend pragmatic solutions and serve as an escalation path for information security issues, incidents and inquiries implementation within the business units
- Partner with the WarnerMedia information security teams (security architecture, security monitoring, vulnerability management, etc.) and the program management office to facilitate security
- Conduct, support and/or facilitate third party information security and compliance assessments as well as manage a team doing the same.
- Work with business and technology organizations to remediate open audit internal or external findings
- Evangelize WarnerMedia's information security policies and standards across the domestic business units
- Educate partner groups on process and policy via formal and informal information sharing sessions (ranging from ad hoc meetings to full presentations)
- Coordinate risk management strategies working closely with WarnerMedia's business unit
- 2-4+ years of experience in computing and information security, including experience with internet technology and security issues - information security experience within the media industry is strongly preferred.
- Must be a superb relationship builder with the ability to work across groups within a global organization.
- Excellent written and verbal communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Must be an intelligent, articulate, consensus building and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization.
- A successful record of accomplishment in a similarly structured organization is strongly preferred.
- Experience as an accomplished thought leader without line responsibility would demonstrate ability to be successful in a locally empowered environment.
- Proactive and responsive
- Critical thinking skills with an inquisitive and questioning nature
- Ability to think big picture; a "systems thinker."
- Must be able to operate at the detail level as well as able to operate effectively with senior leaders
- Solid comprehension of security best practices and compliance frameworks and regulations (ISO27001, ISO27002, Privacy Shield, SOX, GDPR, PCI DSS)
- Self-motivated, with experience operating with remote, global teams
- Strong interpersonal and influencing skills of people at different levels and with different backgrounds and experiences
- Good understanding of secure software development best practices, network and other technical security controls
- Bachelor's Degree or equivalent experience