
Lead Analyst, IT Security Compliance
New York, NY


Job Description

Lead Analyst, IT Security Compliance

REF#: 34443

CBS BUSINESS UNIT: CBS Corporate

JOB TYPE: Full-Time Staff

JOB SCHEDULE: Full-Time

JOB LOCATION: New York, NY

ABOUT US:

CBS Corporation (NYSE: CBS.A and CBS) is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world's largest libraries of entertainment content, making its brand - "the Eye" - one of the most recognized in business. The Company's operations span virtually every field of media and entertainment, including cable, publishing, local TV, film and interactive. CBS' businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Network 10 Australia, CBS Television Studios, CBS Global Distribution Group, CBS Consumer Products, CBS Home Entertainment, CBS Interactive, CBS Sports Network, CBS Films, Showtime Networks, Pop, Smithsonian Networks, Simon & Schuster, CBS Television Stations and CBS Experiences.

DESCRIPTION:

Contribute to the development and implementation of a security-focused audit and control program that aligns with ISO 27001, NIST and CBS security standards to test and monitor the IT production environments for potential system integrity exposure and control weaknesses. Lead internal information technology system audits, identify and assess risks, and work with internal control owners to appropriately define and implement risk mitigation plans.

Responsibilities:

* Lead security-focused IT risk assessments, identifying potential weaknesses and recommending value-add, relevant remediation solutions that address internal control deficiencies. Develop and maintain security-related control process flow and narrative documentation.


* Develop and execute security-related IT control tests across applications, databases, operating systems and network devices.


* Identify and implement compliance tools which will serve as the repository for compliance controls, test procedures, test results and remediation plans.


* Lead the preparation, planning and execution of organization-wide IT security compliance reviews.


* Partner with all levels of IT management to ensure security testing is conducted in a cooperative, timely and efficient manner, with value-added reporting and cost-effective recommendations provided to management to strengthen controls.


* Routinely summarize and communicate to affected IT management and control owners the control weaknesses identified during testing, and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating internal controls business risks.


* Review control testing results undertaken by division management and assess reported results for accuracy and completeness.


* Prepare reports on findings and recommendations reported by divisions for policy, procedure and internal control improvements.


* Monitor security remediation plan execution through 'deficiency closed' phase.


* Identify, on an ongoing basis, relevant industry security trends, potential evolving risks facing IT initiatives, and potential changes to IT security policies and related controls. Assess the impact of these changes on the scope and strategy of the IT security and compliance programs.


* Perform customary administrative tasks and responsibilities.


* Other assignments or special projects as requested by management.



QUALIFICATIONS:

Skills/Experience Required:


* Seven (7) or more years of technology and audit experience (general technology controls, application, and pre-implementation system development reviews) within a public accounting and/or internal audit function


* Five (7) or more years of experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, and ISO, SOX 404 requirements including all phases of planning, evaluation, documentation, testing and remediation.


* Demonstrated proficiency in technology auditing control disciplines, including thorough and general knowledge in security and one or more relevant areas of technical specialization (application security, database security, operating system security, network security)


* Working knowledge of:

  * Windows Operating System and Active Directory Security, including Users and Groups, Group Policy, Domain Structures, Security and Auditing

  * UNIX / Linux Operating System Security, including Users and Groups, System Configurations, File Permissions, Privileged Accounts, Password Controls, Security and Auditing

  * Network, firewall and IDS controls reviews


* Ability to think analytically, communicate complex issues and develop control recommendations


* Ability to lead and motivate people


* Effective written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism


* Customer-focused and professional in work ethic and performance


* Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation, and excellence


* A BA or BS Degree or equivalent in Information Systems, Computer Science, or related field



Preferred:

Professional Certification CISA, CISSP or equivalent

EEO STATEMENT:

Equal Opportunity Employer Minorities/Women/Veterans/Disabled
