As an Information Security Assurance Analyst, you will be a part of the team responsible for implementing and maintaining an enterprise-wide risk and compliance strategy to secure Sony Music's information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of Sony Music's customers and employees.
The ideal candidate is a driven team player with experience working in a dynamic environment and the ability to wear multiple hats in the information security realm. The candidate should have a proven history of policy design and security awareness delivery in one or more security domains. The candidate should have experience in risk management techniques including control assessments, gap analysis, external or internal audit, risk management concepts and risk assessment methodologies. The candidate should be able to leverage multiple forms of communication to articulate complex concepts with proficiency to both technical contributors and executive management.
What you'll do:
• Conduct periodic reviews with business owners to re-assess the information security classification and criticality ratings of information assets.
• Conduct regular reviews of risk assessments, findings, and remediation records to ascertain that actions conform to SME's ISMS obligations
• Provide informed decisions to management concerning the potential risks to the business and work with business owners and project managers to mitigate risk.
• Support the development and enhancement of processes to ensure compliance with applicable information security requirements; participate in the development and maintenance of supporting procedures.
• Assist in developing and providing KPIs and metrics for the Information Security program and initiatives.
• Develop and manage security compliance dashboards and reports for internal stakeholders
• Manage the compilation of weekly, monthly and quarterly metrics and reporting with regard to the current state of SME's information security program and specific projects/activities
• Monitor and participate in mid-range planning exercises and risk and metrics committees
• Evaluate the design effectiveness of controls based upon industry best practice models
• Leverage existing eGRC tools to manage treatment plans and policy exceptions, and assist in the overall maturity of the program
Who you are:
• Candidates will have a four-year degree relating to information technology, compliance, information management, and/or information security and a minimum of 5 years' work experience.
• Experience in information security control assessments, audit, or compliance
• Bachelor's degree, preferably in Computer Science or a related field, such as business administration or management information systems, or equivalent experience
• Big 4 experience preferred (Deloitte, PwC, KPMG, E&Y)
• CISSP, CISM, CAPM, PMP, Lean Six Sigma, PRINCE2, or ITIL certification(s) preferred
• Knowledge of project and program management preferred
• Experience with GRC tools, such as RSA-Archer, preferred
• Significant experience with MS Office, especially Excel and PowerPoint, required
• Ability to address multiple assignments simultaneously, with strong ability to prioritize tasks and respond to dynamic priorities
• Excellent writing and analytical skill set
• Strong analytical and research skills with a keen attention to detail.
• Adept at learning new technologies.
• Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
• Strong written and verbal communication skills and the ability to interact well with different levels within the organization.
• Ability to host, present, and facilitate meetings to all levels of management.
• Ability to work well in a collaborative, team-oriented environment.
What we give you:
• You join an inclusive, collaborative and global community where you have the opportunity to fuel the creative journey
• A modern office environment designed to foster productivity, creativity, and teamwork
• An attractive and comprehensive benefits package including medical, dental, vision, life & disability coverage, and 401K + employer matching
• Voluntary benefits like company-paid identity theft protection and resources for pets, mental health and meditation resources, industry-leading fertility coverage, fully paid leave for childbirth or bonding, fully paid leave for caregivers, programs for loved ones with developmental disabilities and neurodiversity, subsidized back-up child and elder care, and reimbursement for adoption, surrogacy, tuition and student loans
• We invest in your professional growth & development
• Time off for a winter recess
Jobcode: Reference SBJ-d978n4-3-236-212-116-42 in your application.