9 days old

Sr. Director - Product Security

Discovery Inc
New York, NY 10001
Apply Now
Apply on the Company Site
  • Job Code
Discovery Inc

Location: New York, New York, United States,
Req ID: 31184


As Discovery's portfolio continues to grow around the world and across platforms the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O Implements and maintains the business systems and technology that are critical for delivering Discoverys products, while articulating the long-term technology strategy that will enable Discoverys growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.


Key Areas of Responsibility

The Sr. Director, Product Security oversees all information security efforts for Discoverys digital platforms, revenue-generating business systems and applications across the globe.

Sr. Director is specialized in and is accountable for information security issues relevant to Direct-to-Consumer (DTC), customer-facing technologies, appropriate protection of user and customer information (e.g., GDPR, CCPA, PCI, SOX), and consumer privacy. Sr. Director will drive translation and successful execution of cyber security requirements, and lead resolution of Digital Platform and business-related systems security issues in fast-paced global environments.

Sr. Director will be heavily involved in evaluating application security technologies and workflows across platforms, including DTC platforms, Discoverys portfolio of TV Everywhere apps and products, Discovery GO, Motor Trend, PGA streaming services, and the Eurosport Player Eurosport being the leading provider of locally relevant, premium sports and Home of the Olympic Games across Europe. In addition, VP/Sr. Director will have management responsibility for Cloud Security and Data Security SMEs in support of the Digital Platform technology environment.

Sr. Director will report directly to the VP, Global Product Security, Business InfoSec Office and will work collaboratively and effectively with the Global Information Security team, Broadcast and TVN Business Information Security Offices and Infrastructure teams to design and deploy appropriate, risk-based safeguards and technical direction. Position is second-in-command for Global Product Security organization.

Other responsibilities:
  • Hybrid work environment. Must be based in the Discovery office, minimum two-days/week.
  • Manage Global Application Security / DevSecOps team, in addition to supporting the U.S. and International Digital organizations.
  • Evaluate, manage, and support application security technologies, processes, and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
  • Conduct application security risk assessments, analysis, and monitoring
  • 24x7 on-call availability for Information Security issues across the globe
  • Develop and execute security assessment test plans, document, and present results
  • Review developers codes, provide feedback and perform security and risk assessment for consumer-facing applications, services, and future technology
  • Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements, as needed
  • Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
  • Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gaps
  • Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
  • Understand and recommend security controls for the rapid development of consumer-facing prototypes to identify technical options and inform architectural approaches
  • Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)
  • Engage assigned business lines as the central point-of-contact for information security controls.
  • Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations, seeking understanding of control requirements for presenting to IT security solution architects
  • Advocate for the companys security initiatives and controls deployment. Stays knowledgeable about the companys technical controls and advocates for the technical security control needed by assigned business.
  • Promote and evangelize the companys IT and Information Security Policies and Standards. Advise stakeholders on security deviation control alternatives, such as compensating controls, and leads stakeholders through the policy deviation process.


  • Must be willing and able to travel up to 10% of the time
  • 7+ years experience in managing Information Security global teams
  • 7+ years experience in of cybersecurity architecture/engineering, cloud security, and/or application security (Appsec, Netsec), with a bachelors degree or higher in related field
  • Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
  • Extensive experience in secure code reviews, business logic assessment, and application security testing
  • Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
  • Familiar with application security tools like BurpSuite Pro, SAST, DAST, Nmap, Metasploit, and Kali Linux, etc. (Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc., is also preferred)
  • Experience managing secure coding and software deployment in a variety of current languages (e.g. Python, Node.js, C#, .NET, JavaScript, Go, Ruby, PowerShell, Bash, Scala, SDK and RESTful API design/development).
  • Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managers
  • Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
  • Excellent knowledge of software and application design and architecture
  • Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
  • Experience with Unix/Linux and Windows operating systems in an Active Directory environment
  • Experience with endpoint security and SIEM technologies, e.g., Carbon Black, QRadar
  • Experience working in large global environments
  • Excellent communication and presentation abilities with great attention to detail
  • CISSP, CEH, GWEB, CWAPT, CASS, SCADA, CCSP, CSSLP, CISSP-ISSAP or OSCP certifications are highly desired
  • Must have legal rights to work in US


Posted: 2022-01-13 Expires: 2022-02-14

Job Opportunities

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Sr. Director - Product Security

Discovery Inc
New York, NY 10001

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast