Requisition ID 25276
As Discovery Inc's portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The DCI Information Sr Director of Security Architect have direct responsibility for designing secure solutions for DCI. Ensuring systems are designed in a manner that meets any regulatory requirements as well as DCI security policies. The Security Architect is responsible for ensuring that the following activities are conducted, coordinated and applied consistently throughout the SDLC.
1. Perform information security assessments, prepare information systems security action plans, evaluate information security products, and perform other activities necessary to ensure a secure environment.
2. Implement the requirement of DCI and other information systems security policies, standards, baselines, guidelines, and procedures.
3. Reviewing current system security measures and recommend and implement enhancements.
4. Conducting regular system tests and ensuring continuous monitoring of network security is appropriate for current world threats.
5. Ensuring all personnel have access to the IT system limited by need and role.
6. Document detailed technical requirements and security baselines for technologies.
7. Authorize and review the results of major projects dealing with computer and network security.
8. Provide consultation to business lines on information security architecture.
9. Conduct after action reviews into any alleged computer or network security compromises, incidents, or problems and provide mitigating controls.
10. Review the status of the computer and network security.
11. Monitor changes in the security landscape and coordinate appropriate responses.
12. Actively monitor systems for indications of security compromise.
13. Build security requirements for security projects
14. Design and architect secure security solutions with deliverables that reflect the design and can be referenced for future reference.
15. Strong foundational knowledge in multiple information security domains such as access control, network security, operations security, application security, cryptography, computer forensics, security architecture and design, mobile device security, cloud security best practices
• One or more of the following certifications required:
o SSCP, CCSP, CISSP-ISSEP, CISSP ISSAP, GCED, GCCC
• performance and reliability
• Solid understanding of security protocols, cryptography, authentication, authorisation and security
• Good working knowledge of current IT risks and experience implementing security solutions
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills as well as business acumen and a commercial outlook
• Minimum of 7+ years of security and/or IT experience required
• Able to provide computer forensic support to investigations in the form of evidence seizure, computer forensic analysis, and data recovery
• Experience knowledge of TCP/IP, networking design, and routing architectures
• Experience knowledge of network security systems and protocols, including firewalls, Radius and TACACS+, IPSEC and IKE, SSH, etc.
• Ability to maintain proficiency in vulnerability and threat management best practices
• Ability to develop and implement security procedures and control
• Bachelors degree required masters preferred 10 years equivalent experience without a degree
• Extensive knowledge of NIST framework, CSC framework, CSF framework, ITIL, COBIT, PCI, HIPAA, SOX and ISO 2700x. Experience deploying, managing or developing processes in one of these frameworks is preferred.
• Must have the legal right to work in the United States