OVERVIEW OF ROLE:
- The Director of Risk and Governance will manage risk by identifying systems, assets, data and capabilities throughout the Global Technology and Operations organization. The role will allow management to focus and prioritize all information and overall security governance efforts to be consistent with business needs, risk appetite and overall risk management strategy. The successful candidate will require in-depth risk management knowledge, with a masterful understanding of industry standard best practices with the ability to apply them in large-scale enterprise-wide initiatives. The role will also be responsible for developing, maintaining and testing the Company‘s Business Continuity Program including supporting all business plan activities necessary to enable the organization to manage a crisis event as well as meet compliance requirements for business continuity planning.
PRIMARY DUTIES AND RESPONSIBILITIES:
- The ideal candidate is a strong leader capable of leading and collaborating with all GT&O teams, vendors, management and business unit organizations.
- Develop a customized set of information security and overall risk metrics to enable leadership to consistently and regularly evaluate the Company’s control environment (i.e. security incidents, patch management, critical log source monitoring, 3rd party vendor security, Cybersecurity training participation, etc.)
- Established a Risk and Governance Steering Committee made up of leaders within the GT&O organization. The purpose is to heighten awareness of the general risk landscape impacting the company, report on risk metrics for each business unit, and seek executive sponsorship of key risk initiatives that need to be prioritized to address urgent security needs.
- Manage the Company’s IT governance, risk and compliance program including IT compliance with the Sarbanes-Oxley Act (SOX), mapping the Company compliance program with industry frameworks (i.e. NIST-CSF, COBIT etc.), overseeing the design and execution of testing and remediation of IT internal controls over key AMCN systems and report and identify deficiencies and tested effectiveness of mitigating controls, collaborating with internal and external audit teams to efficiently leverage audit work performed across teams.
- Design, implement, maintain and manage an effective 3rd party risk program within GT&O. The program’s purpose is to evaluate the controls required to protect sensitive AMCN information prior to contracting with a vendor, contractor or supplier, as well as post-contract from an ongoing monitoring perspective. Design and operationalize the program to address key business and technical risks to ensure adequate controls are in place while addressing potential operational impacts to the business; verified vendor controls and certifications and map to critical AMCN data and data flow as appropriate.
- Responsible for developing and maintaining the AMCN Information Security and Risk policy, selectively leveraging industry frameworks (i.e., NIST-CST, COBIT, ISO27001, etc.) and execute the company’s overall security awareness training program.
- Devise and execute a communication plan to inform all levels of the organization our overall risk strategy with related policies and procedures to be followed enterprise wide.
- Steering Committee
- GT&O Leaders
- Internal Audit
- Business Owners and Business Managers/Leads
- External Partners and Vendors
- 8 + years of experience in a risk management specializing in technology and information security
- 8 + years of experience managing a full enterprise risk portfolio
- Entertainment industry experience is preferred
Knowledge and Skills
- Highly organized with the ability to maintain documentation and artifacts for the full risk landscape.
- Comfortable in a virtual, cloud-based working environment (i.e.; Office 365).
- Inquisitive and motivated to learn new skills/applications/approaches.
- Proactive problem solver, who can work both collaboratively and independently.
- Strong verbal and written communication skills, and interpersonal skills.
- Excellent organizational, analytical, and leadership skills.
- Exceptional collaborative qualities, works well with others and has a degree of independent drive.
- Effectively communicates relevant information to management by delivering well-organized presentations.
- Proven ability to work on tight deadlines and deliver quality results in a faced-paced environment.
- Bachelor’s degree, preferably in technology, management, or risk management.
- Preferred certifications: CCSP: Certified Cloud Security Professional, CISA: Certified Information Systems Auditor, CIPP/US: Certified Information Privacy Professional/United States
The Company is committed to policy of nondiscrimination in its employment and personnel practices. Applicants are considered for all employment without regard to race, color, religious creed, religion, alienage, citizenship, gender, gender identity, national origin, ancestry, genetic predisposition or carrier status, age, marital status, familial status, military or veteran status, status as a victim of domestic violence, stalking or sexual assault, sexual orientation, disability or any other characteristic protected by federal, state or local law.
Job ID : R-3264
- Address New York, NY, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 10-20