Senior Information Security Compliance Manager
CBS Business Unit: CBS Interactive
Job Type: Full-Time Staff
Job Location: New York, NY, US
CBS Interactive is the premier online content network for information and online operations of CBS Corporation as well as some of the top native digital brands in the entertainment industry. Our brands dive deep into the things people care about across entertainment, technology, news, games, business and sports. With over 1 billion users visiting our properties every quarter, we are a global top 10 web property and one of the largest premium content networks online.
Check us out on The Muse to get an inside look into #LifeAtCBSi through employee testimonials, office photos and company updates.
We are an enthusiastic group leading the information security strategy for CBS Interactive's online content network & operations. Our portfolio of leading brands includes the official sites of CBS, CBS News, CBS Sports, CNET, Gamespot and TechRepublic, as well as some of the top native digital brands in the industry, and provides a unique opportunity to participate in building a secure risk program.
This position is responsible for IT Information Security & Compliance Programs and internal controls related to regulatory requirements. Reporting to the Chief Information Security Officer, you will be a vital part of our team responsible for keeping our Company and Customer’s data safe. You will be primarily responsible for designing, implementing, and maintaining our security compliance program. Additionally, you will work closely with other business units to advise on risk, consult on compliance requirements, build security awareness, enforce policies, perform audits, and manage third-party due diligence. You will operate our risk assessment process, and track and report on gaps to closure and final resolution.
- Team up with IT Process Owners to identify/improve and document detailed controls and supporting documentation evidencing control operating effectiveness for key application, security and infrastructure components.
- Participate in planning, scheduling and preliminary analysis for all internal and external audit projects.
- Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach and deliverables.
- Work closely with external auditors and internal audit teams on managing and supporting the audits.
- Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project.
- Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas.
- Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects.
- Keep existing policies and procedures aligned with audit and security requirements
- Communicate progress and results of audit throughout the audit engagements.
- Develop value-added recommendations to deal with issues identified during assigned audits and draft audit reports to formally communicate the results of the audit and related recommendations.
- Monitor implementation of outstanding audit recommendations and validate their implementation.
- Serve as a member of the Technical Leadership Team, proactively partnering with peers to make decisions that drive growth and propel CBSi forward
What you bring to the team:
- Bachelor’s degree in Information Systems or related field, or equivalent experience
- Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred. Other certifications add value such as Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP), CPA, and/or CIA.
- Minimum 5 years of internal or external audit experience with Big 4 Audit Firms, with exposure to the following compliance frameworks preferred: AT101 Type2 SoC1 and SoC2 (SSAE16), ISO2700x, FedRamp, COPPA, ITIL, NIST.
- Knowledge base related to controlling and securing system platforms (including Unix and Windows), database platforms, endpoint platforms, and network infrastructures is preferred.
- Understanding of Cloud industry technologies and IaaS, PaaS, SaaS platforms preferred. Ability to quickly acquire and apply knowledge of changing technologies implemented is essential.
- Understanding of audit process/methodology, and risk management/advisory ability
- Ability to think analytically, communicate complex issues, and develop control recommendations.
- Effective written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism.
- Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation, and excellence.
All candidates must successfully complete a background check prior to starting employment at CBS Interactive. CBS Interactive is an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, or status as a veteran. CBS Interactive complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled