Full Time Job

Senior Manager, Vulnerability Management

Sony Pictures

Culver City, CA 02-07-2021
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description

The Senior Manager, Information Security will report to the Director of Cyber Security Operations and is responsible for overseeing multiple functional teams including vulnerability management. The ideal candidate is looking for a leadership position and can mentor and grow their team(s) while acting as an SME for vulnerability management.

Must have a positive, results-oriented attitude, be able to mentor and teach team members, and be open to learning new concepts.

The person will identify and optimize existing program operations based on health of technology systems, initiatives, integration, and continued monitoring of the state of technical vulnerability assessment and remediation effort.

The Senior Manager, Information Security will work with the team to generate vulnerability reporting to drive actions by all levels of the organization including executive management. Additionally, the person will define the prioritization of remediation activities and optimize the remediation efforts using a risk-based approach within a dynamic environment.

Core Responsibilities:

Vulnerability Management Program Oversight
• Oversee and support the continuous improvement of the vulnerability management program initiatives, process and technology integration, and technical assessment.
• Enhance technology and/or process to validate that inventories of critical infrastructure and applications are in place.
• Identify roadmap, budget, and priorities relative to infrastructure and application security assessments.

Vulnerability Assessment and Remediation
• Direct and/or perform on-going vulnerability assessments, penetration tests, and application and network security scans. Direct assessment efforts in a prioritized fashion, seeking breadth and depth of coverage where appropriate.
• Create reports and present to executive management with factual documentation of issues identified and clear recommendation for mitigation of found vulnerabilities.

Information Security Risk Management
• Assess, document and validate the vulnerability management practices across the business to ensure compliance with company policy and standards.
• Partner with teams who implement technology and establish methods for aligning with their processes and reducing vulnerabilities.
• Assess possible risks of proposed changes to the SPE environment and, if needed, recommend alternative solutions or mitigating security controls.
• Support technical assessments of 3rd party vendors, and vulnerability assessment of subsidiary business through M&A or post-acquisition activity.

Qualifications:
• Bachelor's Degree in technology or other related field from an accredited university or college; or equivalent work experience in Information Security and Business/Risk Management.
• Minimum 8-10 years Information Security experience, focused on risk analysis, identification, and vulnerability assessment and penetration testing. Media and Entertainment industries experience is a plus. Degree in Computer Science or a related field is desirable.
• Minimum of five (5) years of experience in the secure design and implementation of information systems.
• Minimum three (3) years of experience as an information security manager, lead, or equivalent.
• One or more of the following professional certifications: CISA, CISM, CEH, CISSP, or SANS.
• Demonstrated success in security and vulnerability management within global enterprise environments.

Knowledge:
• Experience in networking and information security related devices, routers, switches, IDS/IPS, firewalls, SIEM, and other specialized equipment. Splunk experience preferred.
• Strong understanding of ISO 27001, including practical experience implementing and auditing an information security management system.
• Understanding of Security and Infrastructure Architecture/Technologies: including but not limited to Routers, Firewalls, IDS, PKI, VPN, Two Factor Authentication, Identity Management, Data Leak Prevention, Encryption, Application Security, Vulnerability Scanners, Penetration Testing, Windows and Unix Systems Security.
• Ability to adapt to a fast-paced work environment, handle multiple tasks simultaneously, and follow tasks through to completion.
• Strong understanding of Networking protocols and security related architecture.
• Proficient in multiple operating systems including Windows, OSX, and Linux.
• Ability to scrutinize complex and diverse information and transform details and facts into recommendations and action plans.

Skills:
• Direct and drive initiatives through diverse teams and organizations to ensure an effective and compliant program.
• Ability to implement process and technologies that make efficient use of vulnerability related data for the purposes of discovery and reporting.
• Ability to conduct penetration testing, application and network scanning, source code analysis.
• A keen ability to identify and communicate practical risk regarding technical security vulnerabilities to both technical and non-technical audiences.
• Capable of performing vulnerability analysis on report results or zero-day announcements, managing communications, and ensuring timely remediation.
• Author/utilize tools/scripts to manually validate or test vulnerabilities when no public utilities exist.
• Ability to manage 3rd party partners to meet SLAs and commitments.
• Results-oriented cross-functional leadership with proven success partnering with internal and external stakeholders.
• Outstanding written, verbal, and presentation communications skills.
• Executional excellence – consistently deliver programs to successful outcomes in a fast-moving environment.
• Excellent interpersonal communication, project management and leadership skills. Must be able to communicate effectively and tactfully with all levels of personnel (in person, on the telephone and through written communication). Unwavering passion, commitment, and persistence to the business, customers and technology.
• Ability to efficiently achieve security requirements in an effective partnership with the independent teams who are responsible for software development and system administration.
• Attention to detail with flexibility in addressing changing requirements.

Bonus Skills:
• Splunk, Qualys, O365, McAfee, DLP

Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.



* Sony Pictures - CA - Culver City Area & Studios

Jobcode: Reference SBJ-d86kw6-18-216-190-167-42 in your application.

Company Profile
Sony Pictures

Sony Pictures' global operations encompass motion picture production, acquisition and distribution; television production, acquisition and distribution; television networks; digital content creation and distribution; operation of studio facilities; and development of new entertainment products, services and technologies.