CBS Corporation Information Security Vendor /Third Party Risk Analyst in New York, New York

Information Security Vendor /Third Party Risk Analyst

REF#: 27612

CBS BUSINESS UNIT: CBS Corporate

JOB TYPE: Full-Time Staff

JOB SCHEDULE: Full-Time

JOB LOCATION: New York, NY

ABOUT US:

CBS Corporation (NYSE: CBS.A and CBS) is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world’s largest libraries of entertainment content, making its brand - "the Eye" - one of the most recognized in business. The Company’s operations span virtually every field of media and entertainment, including cable, publishing, radio, local TV, film, outdoor advertising, and interactive and socially responsible media. CBS’s businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Showtime Networks, CBS Sports Network, TVGN (a joint venture between CBS Corporation and Lionsgate), Smithsonian Networks, Simon & Schuster, CBS Television Stations, CBS Radio, CBS Outdoor, CBS Television Studios, CBS Global Distribution Group (CBS Studios International and CBS Television Distribution), CBS Interactive, CBS Consumer Products, CBS Home Entertainment, CBS Films and CBS EcoMedia.

DESCRIPTION:

  • Perform vendor reviews in accordance with widely accepted security standards (e.g., ISO 27002, NIST, Shared Assessments etc.)

  • Help manage the rollout of a formal vendor risk assessment process to all impacted CBS business units

  • Help support management of security policy, standards and best practices development and maintenance

  • Support the policy exception process, identify rationale, risks and compensating controls

  • Develop and maintain metrics for the policy exception process

  • Facilitate maintenance and administration of the vendor assessment platform that supports the vendor assessment process

  • Develop and maintain metrics and KPIs for the vendor assessment process

  • Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends and incorporate information into processes, procedures, and audit preparedness activities

  • Perform other job-related duties as assigned

QUALIFICATIONS:

Required:

  • 2+ years of experience performing risk assessments of cloud/vendor hosted solutions

  • Significant understanding of the widely accepted security standards (e.g., ISO 27002, NIST, Shared Assessments etc.)

  • Experience in supporting management of vulnerability and/or risk remediation

  • Experience in supporting policy development and maintenance

  • Strong knowledge of information security across all domains and at least four years of information security experience

  • Experience with Archer or another industry standard vendor risk assessment solution

  • A demonstrable passion for the field of information security

  • Advanced communication skills (both verbal and written).

  • Ability to communicate technology issues to both technical and leadership personnel and negotiate to a mutually beneficial conclusion

  • Ability to multi-task, prioritize work and work independently

  • Process-oriented mindset

  • Able to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions

#DICE

#LI-PS1

Preferred:

EEO STATEMENT:

Equal Opportunity Employer Minorities/Women/Veterans/Disabled