Senior Security Analyst

Posted:
8/18/2024, 5:00:00 PM

Location(s):
Mumbai, Maharashtra, India ⋅ Maharashtra, India

Experience Level(s):
Senior

Field(s):
IT & Security

Job Posting Title:

Senior Security Analyst

Req ID:

10097564

Job Description:

JOB TITLE: Senior Security Analyst


LOCATION: Remote


JOB SUMMARY: The role is for an experienced GRC professional in cybersecurity to lead GRC activities and ensure smooth team operations. Key responsibilities include leading the Third-Party Risk Program, ensuring compliance, meeting KPIs, and managing third-party risks. The role will also support governance of the Cloud Centre of Excellence (CCoE), optimize cloud resources, automate risk management, establish risk assessment frameworks, maintain real-time dashboards, and ensure cybersecurity and IT compliance.


REPORTING TO: Manager - Governance, Risk and Compliance

KEY RESPONSIBILITIES:
•    Driving the Third-Party Risk Program
o    Ensure program compliance.
o    Meet program KPIs.
o    Report KPIs at defined frequencies.
o    Monitor KPIs on an ongoing basis.
o    Assist the team in managing and mitigating third-party risks.
•    As part of the Risk Management Program (IT & Cybersecurity), the role will:
o    Establish processes for the collection of individual metrics across the documented risk domains.
o    Establish and manage connectivity through development between the source and destination platforms for populating and consolidating key metrics.
o    Maintain the risk methodology and process for incorporating risk scores and calculation metrics in the destination platform for each individual metric and at the domain level, in line with industry standards & best practices.
o    Build and manage a dynamic live dashboard that runs live queries against the backend data holding the calculated risk, to showcase live risk domains, their health, and other associated trends and insights generated by the platform.
o    Manage the reporting process around the program, including scheduling periodic insights and dashboard updates for specific leaders and teams.
o    Ensure, through periodic reviews, that the confidentiality, integrity, and availability (CIA) of the information is maintained, and adjust the metrics, sources, risk calculation and quantitative methods to keep them accurate and up to date, with automatic validations set up wherever possible.
•    Supporting the Cloud Centre of Excellence (CCoE) governance, ensuring implementation of industry-best frameworks and practices in existing and new cloud-related setups. This includes:
o    Implement policies for efficient resource use and cost-effective strategies.
o    Eliminate unused resources and optimize pricing plans.
o    Set up budget workflows and thresholds to control spending.
o    Maintain real-time dashboards for monitoring usage and costs.
o    Use inbuilt tools to detect and address anomalies promptly.
o    Manage the process to regularly review cloud operations.
o    Establish relevant policies and monitoring/reporting procedures to ensure compliance and accountability in cloud operations.
•    Establish and maintain a robust risk assessment framework to accurately inventory and evaluate assets in scope, ensure and track regular risk assessments, analyse risks consistently, and implement appropriate treatment and mitigation measures for timely remediation of cyber and IT vulnerabilities.
•    Managing, consolidating and tracking all identified risks, ensuring they are documented, assessed, and mitigated in a timely manner, and maintaining a consolidated risk register for ongoing risk management across various teams, processes, and technology. (Automate wherever possible).
•    Planning improvement opportunities to align with the organization's risk appetite and desired level through implementing automation, policy/process document enforcement, and other deliverables to enable business and key drivers.
•    Ensuring Cybersecurity & IT Compliance with internal policies, relevant regulations and standards (e.g., NIST CSF, ISO 27001) through continuous automated monitoring and reporting.
•    Being the RISK SPOC (Single Point of Contact) for fostering a culture of security, reliability, and efficiency, while minimizing risk and driving efficiency.

SKILLS & ATTRIBUTES FOR SUCCESS: 

•    Excellent stakeholder management
•    Working knowledge of information-security-related best practices and standards such as ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, etc.
•    Understanding of Cloud Security/Compliance/FinOps
•    Experience in the management of risk, controls, and compliance
•    Knowledge of risk assessment methodologies – qualitative/quantitative
•    Excellent analytical and problem-solving skills
•    Excellent presentation-making and delivery skills


PREFERRED EDUCATION & EXPERIENCE: 
•    Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experience.
•    4-8 years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monitoring
o    Minimum of 3 years in TPRM/Internal Audit/Risk.
o    Experience working on at least 2-3 Cloud Security related projects.
•    Preferred experience with a large company and/or Big 4 accounting firm.
•    One or more credentials - CISA, CRISC, ISO27001 LA/LI, CISSP, CCSP.
•    Experience in AI/ML and Cloud FinOps is a plus.

ABOUT US: 
Disney Star is a leading media & entertainment company in India that reaches over 700 million viewers a month in nine different languages. Our entertainment portfolio, which cuts across general entertainment, movies, sports, infotainment, kids, and lifestyle content, generates over 20,000 hours of original content every year.
Disney+ Hotstar, India’s leading streaming platform, enables us to reach and entertain audiences anywhere, anytime. Disney+ Hotstar has changed the way Indians consume their entertainment - from their favourite TV shows and movies to sporting extravaganzas. 
With leadership positions in every segment it occupies, Disney Star has been redefining the media landscape for more than 30 years now, anchored on the three pillars of storytelling, innovation, and an unwavering focus on delivering to the expectations of our audiences.

Join us, and let's continue to inspire a billion imaginations.

WHY JOIN US: 
Because our employees and cast members are at the heart of everything we do, Disney offers a competitive total rewards package that includes pay, health and savings benefits, time-off programs, special educational opportunities and more. Together, these rewards make up a comprehensive package that helps our employees grow personally and professionally and take advantage of the special extras that only Disney Star can offer to make their journey memorable.

Official Company Pages: Disney Star; Disney+ Hotstar

Official Careers: Disney Star Careers; Disney+ Hotstar Careers

LinkedIn: Disney Star; Disney+ Hotstar

Job Posting Segment:

Corporate Global Information Security

Job Posting Primary Business:

Network - Global Information Security

Primary Job Posting Category:

Security Governance

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Mumbai, India

Alternate City, State, Region, Postal Code:

Date Posted:

2024-08-13