Senior Cybersecurity Engineer - Content Security

Key Responsibilities:

• Perform risk assessments for content production/post-production vendors, technology partners, and enterprise/operations vendors.


Evaluate vendors across domains including:
• Information Security
• Data Privacy (e.g., PII handling, data lifecycle, cross-border transfers, retention policies)
• Content Security (DRM, content handling, studio controls, access restrictions)
• Operational Risk & Business Continuity
• Compliance (ISO, SOC, regulatory requirements)


Data Privacy Assessment Responsibilities:
• Assess third-party privacy practices, including data collection, processing, storage, and sharing mechanisms.
• Validate compliance with internal privacy policies, contractual obligations, and applicable regulations.
• Review Data Processing Agreements (DPAs) to ensure third-party commitments match operational practices.
• Identify risks related to data exposure, misuse, or privacy violations and recommend mitigation steps.


Security & Control Validation:
• Conduct onsite and remote assessments to validate technical, physical, and administrative controls.
• Identify control gaps related to content protection, data protection, infrastructure security, and process maturity.
• Work with vendors to develop, monitor, and close remediation plans.


Governance, Reporting & Communication:
• Lead vendor interactions throughout the assessment lifecycle: documentation requests, clarifications, and recommendations.
• Maintain detailed risk reports, assessment summaries, compliance tracking, and risk scoring.
• Collaborate with internal Legal, IT Security, Finance, Procurement, and Business teams to support onboarding and contract renewals.


Continuous Monitoring & TPRM Enhancement:
• Conduct periodic reassessments for high-risk and critical vendors.
• Monitor new vulnerabilities or changes in vendor environments that may impact risk posture.
• Identify opportunities to streamline assessment workflows, improve control frameworks, and enhance TPRM maturity.

Required Skills & Qualifications:

• 4+ years experience in Third-Party Risk Management, Data Privacy Assessment, Information Security, or Audit & Compliance.
• Ability to travel domestically for onsite assessments.
• Basic understanding of media workflows (IPTV / OTT / Broadcast) is beneficial but not mandatory.

Preferred Education and Experience:

• Bachelor’s/Master’s degree or equivalent professional experience.
• Advantageous experience working with large enterprises or consulting firms (e.g., Big 4).
• Preferred certifications: ISO 27001 LA/LI, CISA, CISSP, CIPP, CRISC.

Closing:

About Us
Perched firmly at the nucleus of spellbinding content and innovative technology, JioStar is a leading global media & entertainment company that is reimagining the way audiences consume entertainment and sports. Its television network and streaming service together reach more than 750 million viewers every week, igniting the dreams and aspirations of hundreds of million people across geographies.


JioStar is an equal opportunity employer. The company values diversity and its mission is to create a workplace where everyone can bring their authentic selves to work. The company ensures that the work environment is free from any discrimination against persons with disabilities, gender, gender identity and any other characteristics or status that is legally protected