Job Description
Information Security Senior Technical Risk Assessor
The Information Security Senior Technical Risk Assessor reports to the Director of Information Security Risk and is responsible for performing end-to-end cyber security risk assessments of vendors, applications, technical environments, third parties, and workflows to help secure SPE's information assets.
The Senior Technical Risk Assessor will be responsible for delivering high-quality risk assessment reports and reading them out to C-level executives. The Technical Risk Assessor will work closely with all Information Security functional areas, SPE corporate groups and business groups, as well as the Sony Global Information Security Department.
Core Responsibilities
• Risk Management
• Conduct comprehensive end-to-end cyber security risk assessments to identify, assess, and measure information security risks for systems, applications, facilities, technical environments, networks, projects, workflows and third parties impacting IT and business initiatives globally across Sony Pictures and SPE subsidiaries
• Prepare risk assessment reports that drive management decision making to address identified risk by risk reduction, acceptance, avoidance, and transfer
• Present cyber security risk to executive management
• Provide thoughtful and insightful advice to remediation owners in the formulation of risk treatment plans and ensure the risk treatment plans are in place and tracked to closure
• Manage relationships with security, technology, and business stakeholders and lead meetings to communicate security risks and drive risk decisions from risk owners by providing multiple mitigation approaches
• Review new applications, emerging technologies and services and provide guidance to business stakeholders on risk of reviewed targets
• Leverage the ServiceNow GRC platform in carrying out risk activities
• Support vendor onboarding as needed by reviewing security terms in contracts with third parties
• Provide the content community with InfoSec services as needed
• Provide ad hoc Risk Program support
• Operations Management
• Contribute to development of strategy and plans for Information Security initiatives
• Develop and provide KPIs and metrics for the Risk Program
• Contribute to and support continuing improvements and efficiencies in the risk program
• Identify and support ServiceNow GRC platform improvements and enhancements
Job Requirements
• Bachelor's degree in Business, Information Systems, Engineering, or equivalent work experience
• 5-7 years of experience performing cyber security risk assessments including technical, third-party and workflow assessments
• Entertainment industry experience preferred
• 3-5 years GRC experience preferred
• Broad knowledge of information security with a technical understanding of key security domains (e.g., architecture, networking, access management, cloud security) is preferred
• Familiarity with ISO 27000 family of standards including 27001 and 27005 and other risk frameworks such as NIST, ISO 31001
• Ability to communicate clearly and concisely with technical and non-technical teams across multiple businesses; written, verbal, presentation, and interpersonal skills.
• Familiarity with one or more of the following is preferred: IP networks infrastructure (network topology, networking technologies), databases and operating systems, AWS or Azure implementation, SaaS assessments
• Must be highly self-motivated and able to work both independently and as part of a multi-disciplined team
• Good analytical, research, and problem-solving skills with a keen attention to detail
• Ability to work on multiple projects, with a strong ability to adapt to a dynamic work environment and to prioritize tasks accordingly
• Good oral and written communication skills
• Ability to make decisions, use discretion and display sound judgement
* Sony Pictures - CA - Culver City Area & Studios
Jobcode: Reference SBJ-rb5qmk-3-84-231-140-42 in your application.