Job Information
Warner Bros. Discovery Senior Manager, Information Security Compliance in Washington, District Of Columbia
Every great story has a new beginning, and yours starts here.
Welcome to Warner Bros. Discovery… the stuff dreams are made of.
Who We Are…
When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
Your New Role...
Warner Bros. is looking for a skilled Senior Manager, Information Security Compliance who will join the Global Information and Content Security team that supports the organization globally across all US and international brands and divisions. As part of the GICS team, you will lead the PCI program globally and will collaborate with key business units and stakeholders to ensure security and compliance with Payment Card Industry (PCI) requirements and other cybersecurity regulatory and policy requirements. The ideal candidate will have experience as a PCI Qualified Security Assessor (QSA) with experience across multiple compliance domains in audit process/procedure, risk analysis and mitigation, control testing, and continuous improvement initiatives. The candidate will have experience completing PCI 4.0 assessment types including but not limited to SAQ-A, ROC, SAQ-D, SAQ B-IP, and SAQ P2PE, as well as experience managing a PCI ASV scanning program. We support critical brands such as DC Universe, Harry Potter, Game of Thrones, Barbie, Adult Swim, Cartoon Network, Discovery+, Max, Bleacher Report, HGTV, Food Network, etc. The WBD PCI program is inclusive of different types of environments collecting payments such as ecommerce systems including retail, ticketing, DTC Subscriptions, PPV Sports, donations & partner payments, mobile in app purchases, and vendor invoicing, and physical locations such as call centers, museums, retail physical stores, physical tours, pop up shops, and virtual reality experiences.
We cultivate a security culture across all teams and disciplines, providing policy, standards, guidance, and awareness training to everyone. We work closely with departments across the company to understand their workflows and help ensure they are following the best security practices. We partner with technology stakeholders to assess our posture, build controls, and mitigate security risks.
This team concentrates on validating that critical processes and controls are functioning end-to-end, identifying risk areas and control mitigation, as well as participating in projects to understand and determine potential impact to regulatory compliance components. You will identify areas of improvement and non-compliance which may lead to process changes and/or new controls. The Information Security Compliance Senior Manager will drive various initiatives to completion and assist in managing and developing an effective Compliance Program. You will be accountable for a variety of functions centered on effective implementation of all the elements of a compliance program (project): compliance with applicable laws, rules, and regulations, internal policies, and procedures, and accepted business practices.
Your Role Accountabilities...
Build, oversee, and evolve the Information Security Compliance strategy in the areas of: PCI, Data Security, Privacy, Swift, etc.
Lead and develop highly talented team members and security professionals.
Communicate status of security compliance efforts to executive leadership and management across technology disciplines.
Keep current with the latest security technology advances and evolving compliance requirements and propose innovations that may benefit the business.
Assist project team, key stakeholders, and management to prioritize security and compliance requirements and develop and maintain detailed project plans.
Assist in information security assessments, audits, risk mitigation, and remediation.
Advise in implementing solutions and mitigation plans for control deficiencies, regulatory and policy gaps and make recommendations for process efficiencies.
Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives.
Effectively assist in leading by influence and work on cross functional teams.
Lead targeted compliance assessments, audits, and reviews, communicating results and recommendations in clear and concise written reports; and collaborate with management to ensure corrective actions are implemented effectively.
Investigate compliance issues and assist with investigation reports.
Validate system requirements, flows, and written procedures through testing and observations, and to ensure regulatory compliance operating procedures and controls are working as intended.
Help provide training and training materials for new processes.
Participate in cross-functional teams to support various regulatory compliance subject matters ensuring that user activities continue to support systematic processes in place and drive positive compliant behaviors or that proposed new system changes fully meet Regulatory, Security and Legal requirements.
Perform analysis based on the testing results through observations and reports to identify system and process gaps reducing risk for WBD.
Document all work, and findings resulting from testing and communicate to relevant stakeholders within defined standard processes.
Conduct related ongoing security compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Lead compliance assessments including testing to demonstrate the effectiveness of controls, and supporting team members to ensure reviews are critical, comprehensive, and thorough.
Collaboration
Accountable for providing leadership and management of Information Security Compliance team members and managing the effective delivery of those services to the company.
Technical and process expert who will provide thought leadership and drives execution excellence in ensuring that solutions are designed and built to support WBD’s business.
Responsible for establishing and tracking goals and strategic roadmap initiatives for various programs.
Stay abreast of existing and upcoming regulatory legislation to assess potential impact on the WBD compliance programs.
Make updates to the Unified Controls Framework (UCF) as agreed with other team members and relevant governance bodies.
Assist in the implementation of the Company GRC system, policies, standards, and processes.
Assist in creation of comprehensive and meaningful strategy presentations for senior executives.
Document roadmaps for key initiatives and programs.
Ability to contribute to building a framework and drive development through dynamic business intelligence tools and dashboards for use in ongoing business planning and goal measurement.
Reporting
Identify and measure key performance indicators showing the efficacy of risk-mitigating controls and the health of the program.
Monitor the effectiveness of the compliance assessment process in accordance with agreed metrics and performance measures to drive continuous improvements.
Develop comprehensive performance analysis of business processes and review ways of improvement.
Develop and report upon agreed Key Performance Indicator metrics.
Develop comprehensive performance analysis of business processes and review ways of improvement.
Actively participate in stakeholder meetings with the goal of understanding all major projects and initiatives planned.
Qualifications & Experience...
Ability to work a hybrid work schedule (3 days onsite) out of our Atlanta office.
Bachelor’s degree in computer science, business administration or related technical field.
8+ or more years working in audit or compliance environments in a corporate or consulting capacity, with experience in a highly technical setting.
6+ years working in PCI regulatory assessments / requirements; previous PCI Qualified Security Assessor “QSA” certification required.
3+ years of team leadership experience.
Experience working with leading cloud providers AWS, Azure and GCP.
Experience defining certification/action plan roadmaps balancing compliance deliverables, business requirements, and resource allocation.
Relevant certification (CISA, PCIP, CISM, CISSP, etc.).
Experience with cross-functional risk, compliance and/or information security disciplines.
Subject matter expertise in the areas of PCI, Data Privacy, SSAE 18, Swift, SOX, etc.
Superior analytical and problem-solving skills.
Superb relationship building skills.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action.
Ability to work with changing priorities and with multiple projects.
The ability to be precise and attentive to detail is essential.
You possess the highest integrity commensurate with a compliance & ethics position.
You have excellent communication and project management skills.
You produce clear & polished work product, in narrative and visual form.
You have driven change to completion across functions in a technical environment.
You can work independently, are flexible and adaptive, and demonstrate a passion to operate in a dynamic and fast-growing environment.
Strong quantitative, qualitative, and analytical skills with ability to use sound business judgment and to exercise skepticism as needed.
The Nice to Haves
5+ years of Big 4 experience in a related field.
3+ years of prior experience in a related field (media, tech, entertainment, business development or streaming services industry experience).
Knowledge of and passion for media, entertainment, and technology industries (including key players, growth trends and drivers, new media models, industry structure, etc.).
Familiarity with streaming and similar products/services.
Experience working in a national or global company.
Some visualization tool knowledge would be helpful (i.e., Tableau, Power BI).
Comfortable in working in a highly iterative environment.
Creative problem solver who possesses sound business discernment and is highly detail oriented.
A passion for accuracy and translating insights into a compelling narrative; able to maintain a balance between the details and the larger picture.
#LI-Hybrid
How We Get Things Done…
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
The Legal Bits…
In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and/or performance. Base pay is just one component of Warner Bros. Discovery’s total compensation package for employees. Pay Range: $113,750.00 - $211,250.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation.
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects the diversity of our society and the world around us. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.
If you’re a qualified candidate and you require adjustments or accommodations to search for a job opening or apply for a position, please contact us at recruitadmin@wbd.com.