VP, IT Security Operations and Controls

Job Description

VP, IT Security Operations and Controls

IT Security Operations and Control is responsible for managing key part of Security Operations tasks within Sony Pictures Entertainment (SPE) and its subsidiaries.

The VP of IT Security Operations and Control is accountable for the planning, strategy, implementation, and operations of all technologies related to Endpoint security (EPP/EDR), Active Directory Services (MS ESAE), Vulnerability Management, Application Security, Identity Access Management and IT Change Control group while specifically ensuring the availability, integrity, and security for all systems worldwide.

The VP of IT Security Operations and Control provides the direction and strategy for protecting the integrity of SPE's security posture, ensuring a Sony global comprehensive security programs is effectively implemented and managed. This position will also provide SPE's day-to-day security operations with 365x24x7 support, security operation enhancement, and development of standards, global implementation, and security technology purchase for the enterprise.

The VP of IT Security Operations and Control provides direction and strategy to operationalize the established SPE's security standard, controls, and requirements in partnership with Information Technology staff, including CIO and Information Security staff, including CISO.

Key responsibilities:
• Provides the execution and operation leadership of SPE IT information security programs, coordinating Sony/SPE information security standards and compliance across all SPE Corporate IT & Subsidiaries
• Design, build and implement in partnership with the SPE Information Security department, SPE's information security operations management programs in accordance with industry best practices and Sony global internal security policies & standards
• Provides insightful, concise metrics, reporting and analytics of risk posture to executives in Information Technology and Information Security.
• Leads SPE's Vulnerability Management, Application Security, IT Change Management, Active Directory Services, Identity Access Management, and global Endpoint management security activities in close collaboration with SPE's Information Security teams, ensuring clear and measurable security operations are executed, and a clear operation metric methodology is in place to allow consistent compliance across all areas.
• Provide remediation support by collaborating with the technology owners for any security incident management in partnership with SPE Information Security Incident Response team and Sony Global Security Incident and Response Team (GSIRT).
• Measures and report the established global Sony Vulnerability Management policy key performance indicators and proactively reports to SPE's executive stakeholders including SPE CISO and CIO on performance of Vulnerability Management programs.
• Provide proactive and reactive Application Security Testing (SAST/DAST) services and integrate them into existing IT software development lifecycle (SDLC).
• Ensure proper Access Management is in place for all SPE's internal and external applications (Single Sign On, MFA, and Directory Services) by implementing, maintaining, and supporting the SPE's Identity Access Management platform and security.
• Manages various technology owners, IT, and Information Security support staff in a direct and matrix team structure and provides leadership to support complex and ever-evolving operational requirements
• Govern the entire change management process, establishment and maintenance of CAB (Change Advisory Board), CMDB (Configuration Management Database), and global communication around any operations changes in IT.
• Seek funding for projects, and approves project designs and cost estimates. Reports projects' status and critical issues to IT senior management.
• Set objectives and priorities and ensure the effective allocation and use of department resources.
• Work to develop employees' skills, evaluates performance, provide feedback, and lead by example, making the workplace of choice for top security operations professionals.
• Sponsor and facilitate security operation initiatives that significantly improve our ability to monitor, audit, and comply with SPE/Sony's security policy and standards.
• Establish, communicate, and administer short and long-term strategies in coordination with all other IT and Information Security management.
• Define, track, tune, and report on KPIs relevant to SPE's IT Security Operations program.
• Effectively budget and forecast capital, labor, and non-labor budgets.
• Represent IT Security Operations duty in cross-functional meetings and projects.
• Prepare for, implement, and communicate any new changes in SPE/Sony's IT Security initiatives and processes within the assigned team.

Core Responsibilities
• Manage the IT Security Operations teams and managed service providers. Work closely with IT support staff, business technology owners, Information security staff, and regional organizations to ensure that Security Operations programs are delivered. Effectively direct managed service providers, thru service metrics, service level objectives, operating level agreements, and enterprise-wide KPIs. Oversee compliance and adherence of Sarbanes Oxley controls, IS-GISS, and security/ audit initiatives. Provide SPE IT and InfoSec leadership in all relevant client engagements, both within SPE and across subsidiaries.
• Manage financials, schedules, and risks for assigned IT Security Operation projects, enhancements, maintenance, and support activities and services. Provides strategic technology initiatives, recommends security enhancements, and cost optimization as well as maintains security posture worldwide.
• Provides coaching, mentoring, and training opportunities to staff members. Responsible for developing effective working relationships with clients and all other IT and InfoSec departments.
• Administers performance appraisals, merit increases, promotions, development plans and opportunities, training and vacation tracking for direct reports.

Qualifications:
• 10+ years of relevant experience in information technology, information security, or directly related field
• 10+ years of Security technology operations such as Endpoint Protection, Vulnerability Management, Identity Access Management, or any relevant fields
• Proven ability to successfully operate in a matrix organization where partnership and influence are key drivers of success
• Demonstrated ability to manage the day-to-day tasks of diverse teams while effectively influencing senior management on key decisions and direction
• Expert with vulnerability analysis processes and best practices
• Expert in establishing and managing control inventories and performing effectiveness reviews
• Proven ability to inspire, motivate and lead a team to produce quality work in the development of solutions
• Ability to connect and influence others to achieve organizational priorities
• Experience leading large organization-wide security initiatives
• Ability to develop teams and mentor staff
• Ability to develop geographically and otherwise diverse highly technical teams
• Ability to communicate effectively to executive leadership in both business and technology roles
• Exceptional critical thinking, strategic planning, and process management skills
• Excellent written and verbal communication skills
• Excellent presentation and group dynamics skills
• Proven excellence in client/partner relationship management with senior executives

Proactive at finding solutions to complex problems

USA - Culver City - Studio Lot - CA01

Jobcode: Reference SBJ-rny981-18-117-91-153-42 in your application.