Manager, Cybersecurity Risk Management

Welcome to Warner Bros. Discovery… the stuff dreams are made of.

Who We Are…

When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

* Must be able to work a hybrid schedule (3 days onsite) out of our Burbank office.*

The Manager Cyber Security Risk will focus efforts on managing and reporting on cyber risks globally across WBD. You will play a crucial role in assessing, managing, and driving mitigation of risks associated with our wider cybersecurity program. You will drive a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. You will work on identifying, and mitigating security risks in line with the company’s standards.

You will also provide subject matter expertise and technical guidance to process owners. By partnering with various stakeholders, including Product Owners, Business Control Owners, Technology Operations, DTC, etc., you will contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business. Your advanced knowledge of risk management principles and practices will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.

This position requires deep collaboration across cloud engineering, IT infrastructure, and application development, to effectively reduce the organization’s risk exposure. You will work closely with GICS and business unit leaders to ensure strategic and tactical risk mitigation efforts align with enterprise goals.

• Develop and maintain a comprehensive cybersecurity risk management strategy aligned with business objectives.
• Lead enterprise-wide risk assessments and remediation activities.
• Collaborate with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
• Monitor emerging threats and risk posture and activities accordingly.
• Present risk analysis, metrics, and mitigation plans to management and stakeholders.
• Identify risk and mitigating controls for risk exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., GDPR, PCI, SOX).
• Mentor and develop junior risk analysts and cybersecurity professionals.
• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations.
• Develop and maintain robust relationships, become a trusted partner with technologists, assessments teams, and stakeholders to facilitate cross-functional collaboration and progress toward shared goals.
• Proactively monitor and evaluate risk exceptions and risk register processes, identify gaps, and recommend enhancements to strengthen risk posture.
• Assist Info Sec teams in developing and maturing their risk exceptions rejection and approval criteria.
• Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.
• Collaborate with key stakeholders to enhance risk governance and ensure compliance with internal and regulatory requirements.
• Assist with the administration and maintenance of the Service Now GRC platform.
• Display and utilize advanced understanding of relevant SDLC methodologies, practices and compliance policies/procedures to assess risk exceptions criteria.
• Utilize prior experience in multiple IT disciplines and confirmed understanding of solution architecture, complex application systems design and platform integrations and various tech stacks during assessment of risk.