820 S. Flower St.
Job Category: Security
Job Number: 18922
The primary purpose of this position is to perform security assessments of IT controls. This role will be responsible for executing and managing the workflow of security assessments throughout the enterprise (assessment scoping, evidence collection, reporting, process metrics, and process improvement). Other duties and responsibilities for the role are:
- Work with the client’s GIS Compliance and segments to assess controls as well as identify security gaps.
- Conduct interviews to clarify processes, understand all technology involved in service delivery and identify control gaps.
- Obtain and review relevant artifacts to support the assessment of security controls and procedures.
- Identify and assess IT related risks and control weaknesses to define appropriate remedies and minimize security threats.
- Collate conclusions and recommendations. Present assessment findings to management regarding the effectiveness and efficiency of control mechanisms in third party financial and accounting systems.
- Manage inventories, scoping, planning, scheduling and execution of assessment, remediation efforts and compensating control creation, focusing on overall status to management.
- Provide assessment results (findings, impact and recommendations).
- Stay abreast of compliance and assessment trends within the Company, Legislators, Suppliers and regulatory bodies.
- Seek to continuously improve efficiencies related to management of service providers.
- 4+ years of IT audit, or IT security and/or compliance experience
- Prior experience working within a global media or entertainment organization, supporting enterprise-level accounting and finance departments
- CISA, CISM
- Knowledge of laws, regulations, and industry requirements related to Information Security (e.g. GDPR, Payment Card Industry, Domestic and International Privacy regulations)
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services
- Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
- Knowledge of US financial regulations and reporting requirements (SOX, SSAE, IAS)
- Project/program management and prioritization skills
- Experience implementing or assessing the security of IT systems
- Experience assessing compliance, design and operational effectiveness of IT security controls in a large international company
- Knowledge of Cloud and Perimeter technologies (e.g., routers, firewalls, web proxies and intrusion prevention) and security tools (e.g., web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring)
- Experience in security audits including but not limited to SSAE16/18, GDPR, PCI, SOX
- Experience presenting and influencing C-level executives on IT security and matters
- External audit (e.g., Big Four) and/or internal audit (e.g., Fortune 500)
- 1+ years of program and project management experience
- 1-3 years of experience in third party risk management or IT vendor management experience