Information Security Risk Assessor
We are in the business of creativity… making some of the most beloved film and television of all time for every platform in the world. As the most creative and proudly independent studio, our future is boundless.
Sony Pictures Entertainment (SPE) is a division of Sony Corporation, a creative entertainment company built on a foundation of technology. Along with our sister companies, we make movies, television, music and games that engage billions of people, connecting creators and audiences around the globe. We are looking for innovators to join us as we forge the future of entertainment!
WHY WORK WITH US?
Our InfoSec Risk Management team is responsible for providing risk visibility to all of SPE and helping business stakeholders make informed risk decisions to ensure SPE information is protected in all our third-party engagements.
As a Risk Assessor, you are responsible for performing end-to-end security risk assessments. Due to the diversity of our businesses, you will get an opportunity to risk assess a broad spectrum of targets such as applications, technical environments, third parties, and workflows to help secure SPE's information assets. The Risk Assessor Role reports to the Director of Information Security Risk.
As a Risk Assessor, you are the key contributor to helping executives across all SPE business lines gain visibility into the information security risks their businesses face. Business leaders rely on you to provide guidance on how to address the risks and to validate that the risks are addressed to an acceptable level; as a result, SPE is more secure.
WHAT YOU'LL DO:
• Conduct comprehensive end-to-end information security risk assessments to identify, assess, and measure information security risks for systems, applications, facilities, technical environments, networks, projects, workflows, and third parties impacting IT and business initiatives globally across Sony Pictures and SPE subsidiaries
• Review new applications, emerging technologies and services and provide guidance to business stakeholders on the risk of reviewed targets
• Prepare risk assessment reports that drive management decision-making to address identified risks by risk reduction, acceptance, avoidance, and transfer
• Provide thoughtful and insightful advice to remediation owners in the formulation of risk treatment plans and ensure the risk treatment plans are in place and adhered to
• Present risks to executive management
• Manage relationships with security, technology, and business stakeholders and lead meetings to communicate information security risks and drive risk decisions from risk owners by providing multiple mitigation approaches.
• Contribute to and support continuing improvements and efficiencies in the risk program
• Leverage the ServiceNow GRC platform in carrying out risk activities (Risk assessment, remediation, etc.)
• Support vendor onboarding as needed by reviewing information security terms in third-party contracts
• Perform Business Impact Assessments to identify critical third parties and applications
WHAT YOU HAVE:
• Bachelor's degree in Business, Information Systems, Engineering, or equivalent work experience
• 5-7 years of experience performing information security risk assessments including technical, third-party and workflow assessments
• Familiarity with the ISO 27000 family of standards and other risk frameworks such as NIST 800-53 and ISO 31001
• Ability to communicate clearly and concisely with technical and non-technical teams across multiple businesses; written, verbal, presentation, and interpersonal skills.
• Highly self-motivated and able to work both independently and as part of a multi-disciplined team
• Good analytical, research, and problem-solving skills with a keen attention to detail
• Ability to work on multiple projects, with a strong ability to adapt to a dynamic work environment and to prioritize tasks accordingly
• Open to continuously learning to keep up with the fast-paced world of cyber security
• Trusted advisor to the business
• Ability to make decisions, use discretion and display sound judgement
NICE TO HAVE:
• Risk assessment experience with cloud-based technologies
• Entertainment industry experience preferred
• 3-5 years GRC experience preferred
• Broad knowledge of information security with a technical understanding of key security domains (e.g., architecture, networking, access management, cloud security) is preferred
HOW WE TAKE CARE OF YOU:
• Competitive salary, with annual bonus eligibility.
• A choice of comprehensive health plan options that fit your lifestyle.
• Immediate matching and vesting for your 401k plan.
• A wide array of innovative employee benefits to support you (and your family), including Student Loan Assistance, Identity Theft Protection and access to discounted Pet Insurance.
• Rest and recharge during a week off during the winter holidays, in addition to holidays, personal days and vacation time.
• Participate in extensive learning & development opportunities at all levels, including curated instructor-led classes and high impact online resources.
• Build your community by joining our Employee Volunteer Program, Employee Business Resource Groups, and/or Sony Pictures Action – our racial equity and inclusion strategy.
• Access to an employee online store filled with a variety of discounted Sony products.
• If you live near Culver City, enjoy all the amazing offerings at our beautiful Studio Lot, including multiple Commissaries with menus for every palate, a state-of-the-art gym and fitness program, as well as onsite medical, dental, mental health and nutrition professionals.
• Watch movies and TV shows at work(!), during employee screenings of our newest movies and TV shows
The anticipated base salary for this position is $115,500 to $154,500. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.
* Sony Pictures - CA - Culver City Area & Studios
Jobcode: Reference SBJ-g3bxxn-3-233-221-90-42 in your application.