Sr. Information Security Risk Analyst

Who We Are

When we say, the stuff dreams are made of, we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth.

Behind WBD’s vast portfolio of iconic content and beloved brands, are the bringing our characters to life, the bringing them to your living rooms and the creating what’s next

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves.

Here you are supported, here you are celebrated, here you can thrive.

The Job :

The Senior Information Security Risk Analyst will oversee a team responsible for the identification, assessment and remediation of information security risks to the organization.

They will assist operation of the company risk management program, evaluate security risks and policy exceptions and provide guidance on managing information security risk to the organization.

RISK EXCEPTION ANALYSIS :

• Ingest, triage and evaluate information security policy exception requests submitted globally across Warner Bros Discovery
• Assign information security policy exception requests for technical analysis and leadership approval
• Gather supporting information to facilitate review of exception requests
• Track remediation and closure of approved information security exception requests
• Provide dedicated support to teams on submission, approval and remediation of information security exception requests
• Collaborate with business and technical representatives to identify and evaluate mitigating factors and remediation plans for addressing security risks to Warner Bros Discovery
• Build and maintain internal relationships to ensure alignment and partnership with key stakeholders globally across Warner Bros Discovery
• Act as a point of contact for information security risk and compliance inquiries

RISK REGISTER AND GOVERNANCE

• Support development and maintenance of the company-wide information security risk register
• Provide input to periodic information security policy and metric updates
• Lead scheduled and ad-hoc information security risk assessments of company initiatives, products and departments against corporate policies and security best practices
• Provide subject matter expertise on the design and implementation of technical security controls to address known risks and non-compliances

PROCESS DESIGN AND STRATEGY

• Design, implement and drive information security risk management processes using company tools and technologies
• Collaborate with key stakeholders to understand team needs and dependencies to better align business processes
• Prepare reporting on security issues and developing security risks to the organization

The Essentials

• BS degree or above required, ideally in Information Systems, Cyber Security or a related discipline
• 5+ years of prior experience in designing, implementing and assessing information security and compliance programs
• Ability to build and maintain relationships with a diverse range of stakeholders globally
• Ability to communicate technical security topics clearly and concisely to non-technical audiences and senior executives
• Ability to associate technical security issues to business objectives and operational impacts
• Ability to evaluate design effectiveness of technical security controls
• Familiarity with common Information Security frameworks and Regulatory standards such as NIST, ISO27001, SOX, SOC 2 reporting, PCI, HIPAA or FAIR
• Familiarity with secure development principles for operating systems, databases, applications and network infrastructure
• Expert user of Microsoft Office (Excel, PowerPoint, Word) to prepare all documents, presentations, graphs, briefings, and worksheets
• Ability to handle multiple assignments concurrently
• Fluent English language and writing skills

The Nice to Haves

• Familiarity with vendor security assessment techniques
• Familiarity with vulnerability management techniques
• Familiarity with secure cloud configuration principles for AWS, Azure or Google Cloud
• Familiarity with common Privacy regulations such as GDPR and CCPA
• Familiarity with implementing and utilizing GRC tools such as ServiceNow, OnSpring
• Familiarity with secure application development practices
• Familiarity with common encryption technologies
• Familiarity with firewall technologies such as Palo Alto
• Familiarity with production and broadcast environments
• Achievement of one or more security certifications such as CISSP, CISM or CRISC
• Knowledge of and passion for media, entertainment, and technology industries (including key players, growth trends and drivers, new media models, industry structure, etc.)
• Familiarity with streaming and similar products / services
• Experience working in a national or global company
• Some visualization tool knowledge would be helpful (i.e. Tableau, Power BI)
• Comfortable in working in highly iterative and somewhat unstructured environment

How We Get Things Done

This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done.

You can find them at along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.

Championing Inclusion at WBD

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects the diversity of our society and the world around us.

Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.