16 days old

Director Technical Security Compliance

Discovery Inc
Sterling, VA 20164
Apply Now
Apply on the Company Site
  • Job Code
    146117449
Discovery Inc

Location: Sterling, Virginia, United States,
Req ID: 12310

Overview

Our Team
As Discovery Inc.'s portfolio continues to grow around the world and across platforms the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discoverys products, while articulating the long-term technology strategy that will enable Discoverys growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

The Role
The mission of the PCI program at Discovery is to protect our security posture. The PCI team ensures that all of our applications and platforms that handle payment data are PCI compliant and certified to PCI- DSS (Data Security Standards) as well as other PCI standards where applicable.

We are looking for someone to join our team to help us meet these compliance goals. This person will be a technically savvy person who likes to solve issues and drive outcomes.

Responsibilities

? Act as primary technical liaison and subject matter expert for internal teams
? Review data flows and architecture for new products to scope and determine PCI relevance
? Provide technical support to PCI team ISAs during certifications
? Address technical inquiries that are submitted pertaining to PCI
? Knowledge about new technologies and environments that impact PCI e.g. PCF, Public Cloud, FPANs and tokens, expanded account ranges etc.
? Work with global application teams to help them develop technical remediation strategies and compensating controls Participating in building the program to meet new requirements and rapid growth
? Representing PCI in long term technical projects that were identified through the PCI process to ensure compliance with standards e.g. encryption
? Communicate security risks and gaps as related to or identified by PCI to stakeholders and executive management
? This hands-on role would involve technical security assessments of applications and infrastructure, security design reviews as well as risk assessments.

? Review security architecture of applications and determine PCI relevance
? A qualified applicant would have strong technical skills from the hardware to the application layer.
? Employ strong research skills and problem-solving skills
? apply PCI standards to new and existing technologies
? Identify and evaluate security gaps
? Communicate business risk to stakeholders
? Understand security findings (scanning/Pen test) and assess remediation strategies
? Evaluate compensating controls
? Conduct or facilitate meaningful meetings
? Work in slightly chaotic, rapidly growing environment
? Work both independently and as part of a very cohesive team
? Performing mid and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation action plans
? Actively lead projects in the areas of PCI-DSS and PA-DSS
? Communicating with project stakeholders to effectively convey requirements of technical and process improvements
? Communicate effectively across business and technical boundaries.
? Work independently without detailed guidance.
? Be proficient in writing executive level reports and technical documentation.

Qualifications

? PCI standards and requirements
? Latest information security protocols and standards
? Security controls, especially those that impact PCI (encryption, access, vulnerability testing etc.)
? Security prevention and detection systems and other security event management systems
? Data structures and classifications
? Develop customized policies, procedures and controls, disaster recovery plans and technical documentation for applications, systems and infrastructure
? Possess an in-depth knowledge of IT security and various frameworks (i.e CobiT, NIST, ISO, etc.)
? Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation

? Compliance: regulatory, privacy, international laws and statutory requirements.
? Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
? Governance: vendor management, policy frameworks, control design and security design/architecture.
? Security architecture: infrastructure, network and systems design.
? Knowledge of and hands-on experience with PCI audits and PCI attestations.
? Must be PCI-QSA (Qualified Security Assessor) certified or have held the certification within the last three years.
? At least one other Security, Risk or IT certification (i.e. CobiT, CRISC, CISA, CISM, CISSP, or ISO 27001) achieved.
? Minimum of an Associate's Degree (AS). BS degree is a plus
? Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field.

Must have the legal right to work in the United States





PI146117449

Posted: 2021-09-03 Expires: 2021-10-05

Job Opportunities

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Director Technical Security Compliance

Discovery Inc
Sterling, VA 20164

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast