Full Time Job

Senior Manager, Information Security

Sony Pictures

London, United Kingdom 10-03-2023
 
  • Paid
  • Full Time
Job Description
Senior Manager, Information Security

Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system, you must have the appropriate immigration permission needed to work and reside in the United Kingdom.

Here at Sony Pictures, we are in the business of creativity… making some of the most beloved film and television of all time for every platform in the world. As the most creative and proudly independent studio, our future is boundless.

Sony Pictures Entertainment is a division of Sony Corporation, a creative entertainment company built on a foundation of technology. Along with our sister companies, we make movies, television, music and games that engage billions of people, connecting creators and audiences around the globe. We are looking for innovators to join us as we forge the future of entertainment!

The Information Security Manager, EMEA will act as the Technical Information Security Risk Lead and is responsible for the operational management of Information Security risk, across all operating entities, lines of business (LOB) and corporate service platforms in EMEA. The role will work closely with functional Program owners and is critical in enhancing our organization's information security posture by acting as a technical Subject Matter Expert (SME) for risk assessments and conducting design and implementation reviews of information systems and platforms. This role is pivotal in supporting security by design, identifying and mitigating security risks, ensuring compliance with industry standards and regulations, and maintaining the confidentiality, integrity, and availability of data.

What you'll do:

Program Delivery
• Provide advice and support to ensure the successful delivery of the global projects and initiatives within the EMEA region.
• Assist the Executive Director with the creation and ownership of EMEA Information Security vision components and measurements of success.

Risk Management
• Responsible for risk management activities including identification, assessment, management, review and reporting of risks and opportunities.
• Provide guidance and support to technical teams in implementing security controls and measures.
• Primary technical point of contact for all subsidiaries within the EMEA region.
• Monitor and report on the effectiveness of subsidiaries' information security controls, ensuring they are fit for purpose and proportionate to the level of risk.
• Conduct risk assessments of critical vendors and key partners.
• Engage with business stakeholders to understand business practices, gathering and facilitating the convergence of business, technical and security requirements.
• Collaborate with IT to ensure security is factored into the evaluation, selection, installation and configuration of hardware, software, and applications.
• Serve on Risk Program Operating Committee to support and advise on global risk program and risk platform, as well as ensure appropriate level of standardization across regions.

Production Security
• Responsible for delivery of the content security program within region, working with key business stakeholders and the content security team in LA to provide advice and guidance to all EMEA productions.
• Collaborate with the Production Security team in LA, to support the strategic planning, delivery, management, and continuous improvement of the Production Security Program.
• Responsible for the security review of production and post-production workflows and development of technical security documentation for non-SPE content handling systems, including hardening and configuration guidelines for secure implementation.
• Collaborate with the incident response team to manage the investigation of content leaks, identify root cause and remediation steps to prevent recurrence.
• Identify and build a comprehensive network within the production/content security community.
• Build relationships as a trusted business partner with production executives and act as the focal point for delivery of information security services within region.

Information Security Management System (ISMS)
• Support the development and delivery of the SPE global ISMS implementation plan, outlining activities, timelines, milestones, and success criteria.
• Act as a technical SME to support a Gap Analysis of security requirements specified in the SPE Statement of Applicability (SOA).
• Responsible for ensuring the Sony ISMS and subsequent SPE policies and standards are implemented for EMEA subsidiaries.
• Conduct security reviews of EMEA subsidiary technical environments during integration period and ongoing as needed.

Training and Awareness
• Support the delivery of information security training & awareness within region.
• Participate in the planning for the global information security training and awareness program.
• Develop, deliver, and manage an EMEA InfoSec Intern program with clearly defined curriculum including learning objectives, On the Job Training (OJT) and certifications.

What you have:
• Ideally have certifications in CISSP, CRISC, CIS LI, AWS CSA/AWS CSS.
• Excellent verbal, written and interpersonal communication skills with the ability to communicate effectively with IT, project and development teams, management, and business stakeholders.
• Experience developing and delivering employee training programs. Skilled in articulating information security policies, procedures, and guidelines to all levels of management and staff.
• Practiced proficiency in performing risk, business impact, control, and vulnerability assessments.
• Strong organizational, project management and multi-tasking skills with a successful track record of managing expectations, delivering results, and meeting milestones and deadlines.

Knowledge of:
• Information risk concepts and principles as a means of relating business needs to security controls; an understanding of the business impact of security tools, technologies, and policies.
• Security architecture, including secure network design, encryption, access controls, and security frameworks (e.g., NIST Cybersecurity Framework)
• Network architecture (routers, switches, and load balancers).
• Security technologies (firewalls, IDS/IPS/UTM, advanced endpoint security, AV, FIM).
• Operating systems (Windows, OS X, Linux, and UNIX), application security, vulnerability scanners and penetration testing.
• Identity and Access Management (IAM): Managing user identities, access controls, single sign-on (SSO), and multi-factor authentication (MFA).

How we take care of you:
• Competitive salary, with annual bonus eligibility.
• A choice of comprehensive health plan options that fit your lifestyle including private medical insurance.
• Rest and recharge during a week off during the winter holidays, in addition to the 25 days of paid annual leave.
• Participate in extensive learning & development opportunities at all levels, including curated instructor-led classes and high impact online resources.
• Build your community by joining our Employee Business Resource Groups, and/or Sony Pictures Action – our racial equity and inclusion strategy.
• Access to an employee online store filled with a variety of discounted Sony products.
• Watch the newest movies and TV shows at our exclusive employee screenings at work.
• Entitlement to apply for an interest-

Jobcode: Reference SBJ-dy24b3-18-190-219-46-42 in your application.

Company Profile
Sony Pictures

Sony Pictures' global operations encompass motion picture production, acquisition and distribution; television production, acquisition and distribution; television networks; digital content creation and distribution; operation of studio facilities; and development of new entertainment products, services and technologies.