Manager, Cybersecurity Risk Management

Welcome to Warner Bros. Discovery... the stuff dreams are made of.

Who We Are...

When we say, "the stuff dreams are made of," we're not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD's vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what's next...

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

Must be able to work a hybrid schedule (3 days onsite) out of our Burbank office.

THE JOB

The Manager Cyber Security Risk will focus efforts on managing and reporting on cyber risks globally across WBD. You will play a crucial role in assessing, managing, and driving mitigation of risks associated with our wider cybersecurity program. You will drive a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. You will work on identifying, and mitigating security risks in line with the company's standards. You will also provide subject matter expertise and technical guidance to process owners. By partnering with various stakeholders, including Product Owners, Business Control Owners, Technology Operations, DTC, etc., you will contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business. Your advanced knowledge of risk management principles and practices will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. This position requires deep collaboration across cloud engineering, IT infrastructure, and application development, to effectively reduce the organization's risk exposure. You will work closely with GICS and business unit leaders to ensure strategic and tactical risk mitigation efforts align with enterprise goals.

RISK OVERSIGHT

Develop and maintain a comprehensive cybersecurity risk management strategy aligned with business objectives.

Lead enterprise-wide risk assessments and remediation activities.

Collaborate with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.

Monitor emerging threats and risk posture and activities accordingly.

Present risk analysis, metrics, and mitigation plans to management and stakeholders.

Identify risk and mitigating controls for risk exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., GDPR, PCI, SOX).

Mentor and develop junior risk analysts and cybersecurity professionals.

Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations.

Develop and maintain robust relationships, become a trusted partner with technologists, assessments teams, and stakeholders to facilitate cross-functional collaboration and progress toward shared goals.

Proactively monitor and evaluate risk exceptions and risk register processes, identify gaps, and recommend enhancements to strengthen risk posture.

Assist InfoSec teams in developing and maturing their risk exceptions rejection and approval criteria.

Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.

Collaborate with key stakeholders to enhance risk governance and ensure compliance with internal and regulatory requirements.

Assist with the administration and maintenance of the Service Now GRC platform.

Display and utilize advanced understanding of relevant SDLC methodologies, practices and compliance policies / procedures to assess risk exceptions criteria.

Utilize prior experience in multiple IT disciplines and confirmed understanding of solution architecture, complex application systems design and platform integrations and various tech stacks during assessment of risk.

STRATEGIC LEADERSHIP, BUSINESS PARTNERSHIP & ENABLEMENT

Translate risk insights into strategic decisions and enterprise-wide policies.

Communicate effectively with leadership and stakeholders.

Contribute to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.

Develop metrics to track exception remediation rates, approval / review rates, aging, and SLA compliance.

Drive initiatives that reduce recurring exception requests through enterprise-wide solutions.

Engage with application, cloud, and infrastructure teams to promote remediation and risk ownership.

Foster collaboration across business units to ensure alignment between risk mitigation and delivery priorities.

Accountable for organizing and participating in and / or leading meetings with various stakeholders across the company, and across the globe.

Technical and experienced professionals who will ensure data and evidence meet remediation expectations and regulatory or policy requirements.

Responsible for tracking tasks and projects, assessment status, and are able to effectively communicate risks and overall status to your management in a timely manner.

Stay abreast of existing and upcoming projects to effectively plan your work.

Make updates to the centralized risk exceptions list, issues log, and other key team documents, ensuring accuracy, attention to detail, and overall status.

Assist in updating metrics and status updates on a regular basis for your Manager.

Ability to partner with other team members, contribute to building a positive team culture, learn internal processes, and contribute to building effective deliverables.

ANALYTICS

Monitor the effectiveness of the risk exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.

Conduct root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.

Collaborate with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.

THE ESSENTIALS

8+ years of experience in security risk, with at least 3 years in a risk management role, or similar function.

Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.

Certifications such as CISSP, CISM, CRISC, or CISA highly preferred.

Proven ability to communicate complex risk concepts to non-technical stakeholders.

Strong expertise across cloud (AWS, Azure, GCP), on-premises, and application environments.

Experience with tools such as Service Now, GRC tools, PowerBi, and cloud technologies.

Strong knowledge of risk frameworks (e.g., NIST, ISO, PCI, SOX, etc.).

Bachelor's degree in computer science, Engineering, IT, or related field.

Strong analytical, quantitative, and qualitative skills with a detail-oriented, critical thinking mindset.

Strategic thinker with deep capability in applying risk principles to business environments.

Creative problem solver with sound business judgment and a proactive approach to risk mitigation.

Passion for accuracy and translating insights into compelling, high-quality narratives.

Exceptional communication skills-verbal, written, and visual-with fluency in English.

Proven ability to translate complex technical concepts into plain language for decision-makers.

Positive influence with strong stakeholder engagement and relationship-building abilities

Skilled in preparing polished deliverables that support informed decision-making.

Team player who builds trust across technical and non-technical teams.

Has 4+ years of experience managing and training staff.

Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.

Strong project management and delegation skills across diverse, cross-functional initiatives

Experience driving change to completion in dynamic, fast paced environments.

Proven ability to identify and assess risks across business processes, operations, and technology projects.

Deep understanding of business functions and ability to translate technical risk into business impact.

Highly organized with the ability to manage multiple assignments in iterative environments.

Committed to the highest standards of integrity, ethics, and professionalism.

Produces clear, polished work products in both narrative and visual formats.

THE NICE TO HAVES

One or more of the following certifications : CISSP, CRISC, CISA.

5+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus).

Familiarity with streaming and similar products / services.

4+ years of Big 4 experience or in a related field (media, entertainment, business development or streaming services industry experience a plus).

Experience working in a national or global company.

Comfortable working in a highly iterative environment, both structured and unstructured.

Risk mitigation experience with AWS and / or other Cloud Databases such as Azure, GCP, etc.

Metrics and visualization tools knowledge a plus (i.e. Power BI, Tableau,).

Advanced user of Microsoft Office (Excel, PowerPoint, Word) to prepare all project plans, deliverables, presentations, reports, and findings.

Additional Information

• ? On June 9, 2025, Warner Bros. Discovery announced plans to separate into two publicly traded companies, Warner Bros. and Discovery Global, with an expected completion in mid-2026. For more details, including leadership appointments and information on individual brands, please visit our newsroom here () .

Although you will be hired by Warner Bros. Discovery, upon the planned separation in 2026, your employment likely will transition to Warner Bros. Company or transition to Discovery Global. During this period of transformation, you'll have an exciting opportunity to lay the foundation at one of the world's premier entertainment brands.

How We Get Things Done...

This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com / guiding-principles / along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.

Championing Inclusion at WBD

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.

If you're a qualified candidate with a disability and you require adjustments or accommodations during the job application and / or recruitment process, please visit our accessibility page () for instructions to submit your request.

In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and / or performance. Base pay is just one component of Warner Bros. Discovery's total compensation package for employees. Pay Range : $133,140.00 - $247,260.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation.

If you're a qualified candidate with an arrest or conviction record, please know that your application will be considered in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.