Brief:
Purpose of the Position
▪ Provide Connected Video with specialist strategic and operational governance, compliance, security, and risk management advice
and services. Protect the brands, commercial interests and reputation by continuously assessing business risk and implementing
risk reduction strategies.
▪ Responsible for the consistent implementation of DevSecOps principles and tools within CV, extending and unifying existing
security initiatives, providing continuous education and guidance, and further refining established security practices.
Detail:
Cyber Security and OTT Piracy
In partnership with the CV Technology department and Third-Party Vendors, design,
develop and implement the Connected Video security governance programme and
ensure that security practices are adopted in CV
▪ Ensure alignment with Group Infosec strategy
▪ Analyse the threat landscape in the CV environment
▪ Support the business with identifying, monitoring and managing internal and external
vulnerabilities and provide risk assessments and mitigation strategies to ensure
remediation of findings
▪ Conduct periodic security risk assessments to identify gaps and controls
▪ Development and implementation of security policies, procedures and security
incident response plans
▪ Ensure patch and vulnerability compliance, IAM/PIM, in accordance with policies and
procedures
▪ Actively manage/participate in anti-piracy initiatives, investigations, and activities
▪ Implement and/or adopt security tools, resolving and preventing vulnerabilities
everywhere in the stack
▪ Interface with engineering teams and help them with IT security project
implementations
▪ Understand which parts and fundamental technologies make a modern user-facing
application possible, end to end
Risk Management
Apply technical expertise and analytical skills to identify and implement the most
appropriate risk assessment technique, supporting internal stakeholders undertaking
significant, complex, or novel risk assessments
▪ Support the development of a Governance & Risk Management framework in line with
the business objectives
▪ Articulate and Report on Risks
▪ Maintain the risk register, with actions and controls added to each risk
▪ Conduct risk tracking and monitoring (including following up on actions)
▪ Facilitate quarterly risk review workshops with the business
Head of CV Operations
Senior Manager Risk and Governance
Senior Specialist Security, Risk and Governance
▪ Continuously improve risk management processes
▪ Record and distribute Progress Reports
▪ Develop and execute risk mitigations
▪ Conduct periodic reporting of risk register updates with the Exec Team and Group Risk
▪ Drive awareness of risk management across CV; implement awareness strategies
for BCM, DR, Risk, and all relevant procedures and processes
IT Governance
▪ Review policies and assess current policy gaps, update policies and implement
identified policies or policy changes for the year
▪ Maintain an accurate policy, procedure, and operations tracker
▪ Participate in Group Forums to ensure policies take the needs of a digital business into
account
▪ Support the implementation and management of the Connected Video Information
Technology General Controls framework for a DevOps environment, including analysing
current policies, processes, procedures and controls, identifying gaps, aligning to best
practices and implementing the recommendations
▪ Manage the adherence of control objectives to respective systems
▪ Manage governance awareness initiatives of existing policies, procedures, processes,
and administration of the various governance forums
▪ Create new policies in line with best practices
Process assessment and improvement
▪ Analyse CV management practices
▪ Conduct gap analysis of existing processes
▪ Design and Improve processes
▪ Document processes and workflows
▪ Develop clear and detailed process maps
Qualifications
▪ BCom degree in Risk Management, CRISC or equivalent
▪ Postgraduate qualification in Governance, Risk and Compliance Management would be advantageous
▪ OTT streaming and Video Entertainment business knowledge (preferable)
▪ Experience in IT risk, governance, and security, operational and corporate governance, corporate compliance, or enterprise risk
management role for a medium to large corporation. Alternatively, experience as a consultant in any of the same areas.