HBO’s IT Security & Compliance team is responsible for protecting the employee and IT systems of HBO, which are critical in keeping the organization and its content running.
Our mission is very broad and our team is small and agile. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you will be empowered to engage cross-functionally. We frequently collaborate with other teams at HBO, and look externally to partner with unique and innovative security companies.
As an analyst, the initial focus for the position will be to support continuous testing of control related functions for IT. This position will have day-to-day responsibility and accountability of managing relationships with controls owners they are supporting. This role will assist in the development of work products, project deliverables (flowcharts, narratives, test plans, control matrices), as well as additional IT Compliance, Risk Management, and Information Security related projects.
WHAT YOU'LL DO
Perform quality review on IT General Controls to ensure they are operating as designed;
Communicate to Manager any discrepancies found, and document and track status of any open audit items
Provide support for the Application monitoring process, Entitlement reviews, Accounts (ID) Provisioning life cycle, Shared file servers permissions and adherence to the retention cycle.
Any additional responsibilities such as coordinating the onboarding of third party applications and vendors, training and awareness initiatives and metrics reporting.
Document walkthroughs as to how key controls are performed by the systems administrators
Recognize, identify, and escalate compliance or security related risks to enable appropriate action to be taken
WHAT WE'RE LOOKING FOR
- A burning desire to grow in security expertise
- 2+ years of related experience and/or training in the field of IT audit or IT compliance
- Big 4 experience preferred
- Experience and / or knowledge of privacy principles such as Sarbanes Oxley or SOX (must have), PCI, GDPR, and SSAE 18 standards, as well as GRC tools (nice to have)
- Demonstrated experience with and application in establishing security controls to protect information systems consistent within the industry.
- Knowledge of IT general controls and IT audit industry standards and the bodies that ratify them
- Knowledge of the media industry
BS in Computer Science or a related technical field or equivalent experience
Strong grounding in IT Audit principles
The ability to absorb and adapt to new technologies
Strong communication skills
Strong ability to troubleshoot
Willingness to take ownership and set direction in “gray” areas
Planning and Organizing –The ability to establish courses of action for self to ensure the work is completed efficiently