Coordinate with the Studios applications, database, and infrastructure teams to develop appropriate remediation activities and associated timelines for resolving compliance gaps, including Management Audit-related gaps, by:
- Developing appropriate remediation plans and related timelines for SCS’s review and approval.
- Driving the relevant remediation plans to completion.
- Monitoring and adjusting remediation plans throughout the remediation cycle so that established milestones are more likely to be met.
- Working with application, database, and infrastructure teams to gather evidence reasonably required for the completion of remediation plans.
- Tracking and communicating to management known open compliance and management audit gaps and action plans.
- Identifying issues warranting escalation to management and providing services to assist the Studio Cybersecurity and Risk team in resolving such issues.

Support Third Party risk assessment processes by:
- Review intake requests to understand business use case and initial vendor impact
- Schedule kick-off meeting with business owner / requestor and vendor contact
- Send and review questionnaire responses and artifacts
- Analyze and identify any potential impact or deficiencies
- Communicate gaps and findings with stakeholders to identify any mitigating controls or remediation plans.
- Monitor for any necessary vendor reassessments
- Collaborate with the SCS Application Security team on any testing and review applicable to the vendor application / service.

Provide support in documenting control exceptions:
- Review and analyze the exception request and validate that it is in security scope
- Work with application owner(s) to understand context and mitigating controls
- Document and capture review and conclusions
- Share with SCS management for peer review and communication
- Inform SCS Risk team