Assistant Manager - Cyber & Information Security
Cyber and Information Security
OVERVIEW OF THE COMPANY
Star India has defined the Indian media landscape for more than 30 years, and today is one of the country’s leading media conglomerates, reaching around 700 million viewers a month on TV across India and over 100 other countries. Star India’s channel portfolio cuts across general entertainment, films, sports, infotainment, kids, and lifestyle content across eight languages. The network generates over 20,000 hours of content every year and broadcasts 70+ channels, reaching 9 out of 10 C&S TV homes in India. The Star Sports network is one of the leading sports networks with 17 channels in its bouquet. It is home to a number of leading domestic and international sports and is making quantum leaps in transforming sports in the country, helping India become a multi-sporting nation. Disney+ Hotstar, India’s largest premium streaming platform, has changed the way Indians watch their entertainment - from their favourite TV shows and movies to sporting extravaganzas. With the widest range of content in India, Disney+ Hotstar offers more than 100,000 hours of TV Shows and Movies in 8 languages, regional and national News, and coverage of every major global sporting event, including the IPL. The company is present in the Indian movie production and distribution space through Fox Star Studios. The studio is also responsible for the marketing and distribution of its Hollywood slate in the country. For more details visit us at http://www.startv.com/
JOB DESCRIPTION
KEY RESPONSIBILITIES
- Third Party Risk Management (TPRM) Program
  - Support The Walt Disney Company’s (TWDC) global third-party risk strategy for carrying out cyber risk related due diligence assessments.
  - Validate incoming Third-party Assessment (TPA) requests, working with business stakeholders to confirm the details of the TPA request and the scope of the engagement.
  - Conduct/Support kick-off sessions with the business stakeholders and associated third party for conducting the TPA.
  - Coordinate the distribution of due diligence questionnaires to the third party, review submitted questionnaires for completeness and determine risks arising from the current design and operational effectiveness of the third party’s security controls.
  - Document responses, associated findings, and remediation plans in the TWDC systems.
  - Draft reports for the assessments conducted and ensure respective business stakeholders finalize reviews.
  - Be a strong liaison to ensure any queries from the business or third parties regarding the TPRM process and assessment are answered as required.
  - Perform continuous monitoring of the third parties through TWDC systems for existing/new findings and track any findings to closure.
  - Identify opportunities for improvement within the TWDC systems and processes.
  - Work closely with the TPRM Lead/Manager to schedule and execute a variety of other supporting activities related to the TPRM.
- Governance, Risk and Compliance
  - Support development of cybersecurity risk and compliance related processes to ensure treatment of cybersecurity risk in line with the organization’s risk appetite.
  - Maintain compliance against information security related policies and procedures through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.
  - Assist in development and delivery of compliance and risk training and ongoing communications that help drive a culture of security and compliance.
  - Keep abreast of regulatory changes, new regulations, technologies, and internal policy changes in order to further identify new key risk areas.
QUALIFICATION
- Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experience.
- 3-6 years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monitoring (Minimum of 2-3 years in TPRM).
- Preferred experience with a large company and/or Big 4 accounting firm.
- One or more credentials - CISA, CRISC, ISO27001 LA/LI, CISSP.
KNOWLEDGE AND SKILLS
- Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements etc.
- Experience in the management of risk, controls, and compliance
- Knowledge of risk assessment methodologies – qualitative/quantitative such as FAIR
- Excellent analytical and problem-solving skills
- Excellent stakeholder management
PERSONAL ATTRIBUTES
- Strong interpersonal skills
- Ability to navigate a fast-paced environment and be flexible with working hours
- Outstanding communication skills, both verbal and written
- Adapt quickly to changing situations and drive positive change
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.