Welcome to Warner Bros. Discovery… the stuff dreams are made of.
Who We Are…
When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
THE JOB
The Sr. Staff, Cybersecurity Risk Management is responsible for leading the assessment, governance, and continuous improvement of cyber risk across WBD’s global technology environment. This role drives a risk-based, data-driven approach to identifying, quantifying, prioritizing, and mitigating risk across cloud, application, infrastructure, and production systems.
A core responsibility of this role is owning and evolving the global cybersecurity risk exception process, and the security risk register, including defining governance, evaluating compensating controls, and ensuring consistent risk-based decision-making across the enterprise.
This role partners closely with Product Owners, Business Control Owners, Technology Operations, DTC, and Engineering teams to embed risk management into the SDLC and operational processes, while leveraging deep technical expertise in cloud architectures, vulnerability management, and control evaluation.
The position requires hands-on engagement with modern security tooling and architecture, enabling the translation of complex technical risk into actionable business insights and measurable risk reduction outcomes.
RISK OVERSIGHT & TECHNICAL GOVERNANCE
- Own and continuously enhance the enterprise cybersecurity risk management framework, aligned to NIST, ISO, PCI, SOX, SWIFT, and internal standards
- Lead end-to-end risk assessments across cloud, infrastructure, application, and third-party environments
- Drive risk quantification and prioritization based on business impact, exploitability, and control effectiveness
- Oversee the enterprise risk register, including identification of systemic risks and aggregation of risk themes
- Evaluate security control design and effectiveness, recommending remediation and compensating controls
- Assess complex environments leveraging expertise in solution architecture, system integrations, and modern technologies (e.g., microservices, APIs, containerized workloads, AI, and cloud identity/security models)
- Apply advanced knowledge of secure SDLC practices (CI/CD, infrastructure-as-code, integration patterns) to assess risk and validate controls
- Own and govern the global cybersecurity risk exception program, including lifecycle management, standardization, and continuous improvement
- Define and enforce risk-based approval criteria, ensuring alignment with enterprise standards and regulatory requirements
- Evaluate compensating controls and technical trade-offs using deep understanding of architecture and security design patterns
- Standardize exception documentation, validation, reporting, and periodic review processes
- Drive reduction of exception volume and recurrence through root cause analysis and systemic remediation initiatives
- Ensure consistent exception handling across global teams, platforms, and environments, and integration into the enterprise risk register
- Partner with Legal, Compliance, and business teams to embed risk-based decision-making into enterprise processes
- Monitor the evolving threat landscape and adjust risk posture, assessments, and priorities accordingly
- Support and lead cyber security compliance assessments globally across WBD, improving control design and compliance with WBD policies
STRATEGIC LEADERSHIP, BUSINESS PARTNERSHIP & ENABLEMENT
- Act as a trusted advisor to technology and business leaders on cybersecurity risk decisions
- Translate technical risk into clear, actionable insights that inform prioritization and investment decisions
- Drive adoption of enterprise risk methodologies, frameworks, and tooling
- Lead cross-functional initiatives to:
- Reduce recurring risk exceptions
- Improve enterprise security posture
- Embed risk ownership within engineering and product teams
- Influence and align stakeholders across DTC, product, infrastructure, and enterprise platforms
- Support other cybersecurity risk professionals, fostering technical depth and collaboration
- Drive risk-based vulnerability prioritization, incorporating exploitability, asset criticality, exposure, and threat intelligence
- Manage competing priorities in a high-volume, fast-paced environment
REPORTING & ANALYTICS
- Develop and track KPIs and KRIs for exception management (e.g., aging, approval rates, Define and track KPIs and KRIs for risk and exception management (e.g., aging, SLA adherence, recurrence trends)
- Develop and deliver executive-level dashboards and reporting (e.g., Power BI)
- Provide analytics across:
- Vulnerability remediation trends
- Exception volumes, aging, and approval rates
- Control effectiveness and systemic risk patterns
- Design and maintain data-driven reporting models and pipelines integrating data from ServiceNow IRM, Tenable, Wiz, Brinqa, and other platforms
- Ensure data quality, integrity, and consistency across reporting outputs
- Translate complex technical data into concise, leadership-ready insights
- Support executive, audit, and regulatory reporting requirements
- Partner with VM, cloud, infrastructure, and application teams to:
- Drive risk-based remediation of critical vulnerabilities
- Enforce remediation accountability and timelines
- Escalate systemic or aged issues impacting risk posture
- Support and enhance VM Remediation COE operations, including governance, process standardization, and reporting maturity
THE ESSENTIALS
- 10+ years of experience in cybersecurity risk, compliance, or related technical domains, including leadership of complex initiatives
- Deep expertise in:
- Cyber risk frameworks (NIST, ISO, PCI, SOX)
- Vulnerability management and risk prioritization
- Cloud security (AWS, Azure, GCP) and modern application architectures
- Security control design and compensation control strategies
- Strong technical understanding of:
- Cloud IAM, network security, and workload protection
- Secure SDLC, CI/CD pipelines, and system integrations
- Complex distributed systems and enterprise environments
- Experience with GRC and security tooling (ServiceNow IRM, Tenable, Wiz, Brinqa, Power BI)
- Proven ability to assess complex technical environments and translate risk into business impact
- Strong communication skills, with the ability to influence senior stakeholders and translate technical concepts into business language
- Advanced analytical, problem-solving, and program management capabilities
- Ability to manage multiple priorities in dynamic, fast-paced environments
- Strong attention to detail, organizational skills, and commitment to high-quality deliverables
- Bachelor’s degree in Computer Science, Engineering, IT, or related field
- Relevant certifications (CISSP, CISM, CRISC, CISA) preferred
- Proven ability to assess complex technical environments and translate risk into business impact.
- Exceptional communication skills with the ability to influence senior and executive stakeholders.
- Strong analytical, problem-solving, and program management capabilities.
THE NICE TO HAVES
- 6+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus).
- Familiarity with streaming and similar products/services.
- 4+ years of Big 4 experience or in a related field (media, entertainment, business development or streaming services industry experience a plus).
- Experience working in a national or global company.
- Comfortable working in a highly iterative environment, both structured and unstructured.
- Risk mitigation experience with AWS and/or other Cloud Databases such as Azure, GCP, etc.
- Metrics and visualization tools knowledge a plus.
Advanced user of Microsoft Office (Excel, PowerPoint, Word) for executive reporting and deliverables
- Experience supporting PCI or other regulated environments.
- Advanced experience with metrics, analytics, and visualization tools (i.e. Power BI, Tableau).
How We Get Things Done…
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
Championing Inclusion at WBD
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, regardless of sex, gender identity, ethnicity, age, sexual orientation, religion or belief, marital status, pregnancy, parenthood, disability or any other category protected by law.
If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.