CBS Corporation Information Security Risk Manager in New York, New York

Information Security Risk Manager

REF#: 26731


JOB TYPE: Full-Time Staff




CBS Corporation (NYSE: CBS.A and CBS) is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world’s largest libraries of entertainment content, making its brand - "the Eye" - one of the most recognized in business. The Company’s operations span virtually every field of media and entertainment, including cable, publishing, radio, local TV, film, outdoor advertising, and interactive and socially responsible media. CBS’s businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Showtime Networks, CBS Sports Network, TVGN (a joint venture between CBS Corporation and Lionsgate), Smithsonian Networks, Simon & Schuster, CBS Television Stations, CBS Radio, CBS Outdoor, CBS Television Studios, CBS Global Distribution Group (CBS Studios International and CBS Television Distribution), CBS Interactive, CBS Consumer Products, CBS Home Entertainment, CBS Films and CBS EcoMedia.


CBS is seeking an Information Security Risk Manager to join its Information Security Group. The position will be a member of the Risk Management team, addressing the responsibilities below.


  • Manage CBS information security policies and standards, understand their operational impact to CBS and continually refine policy to ensure effectiveness

  • Identify, document and communicate information security risks associated with the protection of CBS data stored, processed, or transmitted through CBS and 3rd party information systems and applications using standard CBS tools and assessment processes

  • Develop and refine security processes as required to ensure continued effectiveness, in support of a diverse array of business services and IT applications

  • Manage CBS policy exemptions, identify rationale and risks underlying exemption requests, weigh effectiveness of compensating controls, and make decisions around exemption requests

  • Work closely with a wide range of audiences, from fellow IT Risk and security managers, legal and compliance representatives, internal and external auditors, vendors, CBS executives and clients to meet ISG security objectives

  • Influence technical and strategic direction of the Information Security function, especially as it relates to emerging risk management requirements

  • Blend technical Information security and IT risk management background with outstanding business acumen and communication skills in order to understand and convey complex IT security and risk management concepts and solutions to both technical and non-technical audiences, and to provide on-the-fly critical thinking and problem solving skills in high-pressure situations



  • Bachelor’s degree in a related field or equivalent experience

  • 5+ years of experience in security and/or technology groups, advising on development and execution of information technology solutions and security technologies, particularly in large, decentralized environments

  • Working knowledge or understanding of a wide range of information security controls and technologies, e.g., firewalls, VPN, PKI, encryption, intrusion detection systems, vulnerability & risk management tools and methods, penetration testing, malware identification, common Windows (desktop & server) operating systems, UNIX/Linux platforms

  • Experience with applying and supporting common risk management frameworks such as NIST and Critical Security Controls, and familiarity with regulatory control requirements associated with information security and data protection such as ISO 27002, PCI, country and state data privacy and breach laws (US, European, Canadian, etc.), SSAE-16, SOC1/2, etc.

  • Solid experience supporting, or managing one or more of the following: IT risk identification and assessment, control design and implementation, compliance monitoring, vendor risk assessments related to information security requirements, policy development

  • Results-focused, with a strong desire to constantly research and master new concepts, technologies and controls related to information security and apply them to ongoing tasks and deliverables

  • Excellent written and verbal communication skills

  • Confident in developing presentations and effectively leading meetings and conference calls

  • Be a self-starter, able to work under pressure and with limited supervision, and work well with others in a large and diverse environment

  • Ability to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions

  • One or more of CISSP, GSEC, CISA, CISM, CRISC certifications strongly preferred but equivalent knowledge will be considered




Equal Opportunity Employer Minorities/Women/Veterans/Disabled