Information Security Manager (12m FTC)
Length of contract: 12-month Fixed-Term Contract
Make a difference working as part of a progressive and forward-thinking global information security team. Responsible for Information Security for the European Head Office, Territories and EU PlayStation Studios, you will be working closely with the wider Sony Group Information Security teams to manage and embed information security risk management. This role is an excellent opportunity to work across a variety of areas of the business, liaising with stakeholders across senior leadership, business management, studio production and IT.
Having achieved and maintained an ISO27001 Certified Information Security Management System since 2012, information security is established within the business. Reporting to the Director of Information Security, this role will be responsible for the operational management of the PlayStation Europe Information Security Management System.
What you'll be doing:
• Risk Management – assisting in the maintenance of the information security risk register utilising various risk assessment methodologies (identifying information security risks and risk treatment actions and escalating them through appropriate management channels) and managing appropriate treatment activity.
• InfoSec Risk Reporting - Manage and deliver InfoSec risk reporting to senior partners within InfoSec, IT and the Business to communicate status and key risks associated with security across multiple verticals and business areas.
• ISMS Ownership – Track, review and continuously improve risk management activities across the SIE ISMS working with relevant process owners and stakeholders. Maintain InfoSec policies, standards, and frameworks in line with both Sony Global and external requirements. Plan, prepare and facilitate the planned 2023 ISO27001 surveillance audit with external auditors on behalf of SIE.
• Security Governance & Compliance Reviews – approving and conducting security reviews and assessments across all areas of the organisation and driving implementable remediation plans to address any findings with relevant risk owners. Deliver the planned FY22 InfoSec audit schedule and plan the FY23 audit schedule based on identified key risk and strategic areas.
• Advisory and Business Relationship Management - Be a subject matter expert on all aspects of operational information security and cyber risk. Establish positive relationships with stakeholders from across the SIE Business, IT and PlayStation Studios.
• InfoSec Process Implementation - Continue to act as the core representative for wider InfoSec to stakeholders from across PlayStation Studios, Enterprise and EU Territories in order to embed security processes and promote alignment across their reporting, communications and risk management.
• Management, Reporting and Escalation of InfoSec BAU Processes – supporting the InfoSec team and being an escalation point for delivering the BAU processes for third party risk management, incident management, security risk exceptions, gap assessments, and security reviews.
What we're looking for:
• Demonstrable knowledge of current information security best practices, standards, risk methodologies and relevant legal, financial and regulatory requirements.
• Experience of managing security within a media environment would be highly desirable.
• Stakeholder management experience essential.
• General IT technical and cloud security knowledge.
• Willingness to travel (up to 20%)
• Strong planning, analytical and organisation skills.
• Excellent communication skills (written and oral).
• Strong influencing and collaborative skills.
• Excellent interpersonal skills and the ability to influence and work across an organisation at management and all levels.
• Complete integrity and reliability to manage and perform sensitive and confidential work.
• Extensive, full-time experience within information security management which must include versatile and diligent auditing and gap assessments across information security domains.
• Excellent demonstrable experience of working with relevant industry leading practice security standards and legislation; e.g. ISO27001, BS2599, PCI Security Standards
• Experience working with formal risk assessment, controls and project management methodologies
• Knowledge of technical security issues and solutions
• Knowledge of cyber threats, penetration testing, and vulnerability assessments
• Understanding of cloud security controls
• Understanding of IT security control products/protocols
• MSc in Information Security Management (or equivalent levels of experience)
• Recognised industry qualifications such as CISSP, CISM, CISA, CRISC, ISO27001 Lead Auditor (this list is not exhaustive)
• Discretionary bonus opportunity
• Private Medical Insurance
• Dental Scheme
• London Allowance (if applicable)
• 25 days holiday per year
• On Site Gym
• Subsidised Café
• Free soft drinks
• On site bar
• Access to cycle garage and showers
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy or maternity, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.