Working with the Senior Director, Enterprise Risk, this role will support the US Head Office Enterprise and PlayStation Studios and collaborate closely with the wider SIE and Sony Group Information Security teams.
What you'll be doing:
Responsible for the line management of the US Enterprise Risk team, you will set the goals and objectives for the US Studios and Enterprise Risk Management team in alignment with the security organizations overall goals and objectives. Leading by example, you will ensure that InfoSec requirements are embedded within the organisation, working with Project teams to manage risk and provide regular compliance reporting to Business Sponsors and InfoSec Senior Leadership.
Work with regional counterparts to own the Information Security Management System and security risk register process, utilising various risk assessment methodologies (identifying information security risks and risk treatment actions and advancing them through appropriate management channels) and managing appropriate treatment activity. Utilising GRC tools and methodology, you will define, implement, manage and report on key risk processes as it relates to critical systems, third parties and projects.
Establish trusted, collaborative partnerships across the SIE Business, IT and PlayStation Studios and work with technical teams, partners and leadership teams to translate security risk treatment plans into actionable items to mitigate risk.
As part of this role, you will prepare metrics and compliance reports demonstrating progress against departmental and security goals and provide regular reporting of current risk, issues and project status to the PlayStation Studios and Enterprise Information Security Officer and Senior InfoSec Leaders. As part of regular communications with key partners, you will provide metrics and reporting of risk posture across divisional scopes.
What we are looking for:
• Demonstrable knowledge and experience of current information security standards, risk methodologies and relevant legal, financial and regulatory requirements.
• Experience of managing security within a media environment would be highly desirable.
• Stakeholder management experience is crucial.
• Demonstrable experience of the creation and delivery of reporting as it relates to risk and compliance.
• Willingness to travel (up to 20%)
Experience and Qualifications:
• The ideal candidate will have significant experience working in the information security space and managing a security risk and compliance team.
• Able to communicate and discuss technical information in a way that establishes rapport, persuades others, and gains understanding
• Proven organizational and project management skills; especially in a multi-functional environment
• Strong knowledge of security technology and risk assessment methodologies, policies and processes
• Knowledge of and experience of cyber threats, penetration testing, and vulnerability assessments
• Understanding of cloud security controls and associated risks
• A degree in the field of computer science, IT or Information Security
• Experience in security standards such as ISO 27001, 27002, 27005; NIST, COBIT, ITIL
• Technical certifications within the area Security are a strong plus (CISSP, CRISC, CBCP, CISM or equivalent)
At SIE, we consider several factors when setting each role's base pay range, including the competitive benchmarking data for the market and geographic location.
Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location.
In addition, this role is eligible for SIE's top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more.
The estimated base pay range for this role is listed below.
$179,200 - $268,800 USD
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy or maternity, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.
Jobcode: Reference SBJ-g4e777-34-239-173-144-42 in your application.