This job has expired, please see additional jobs below
Director, Risk and Incident Management
Sony Music Entertainment
New York, NY, United States
Job Details - this job has expired, please see similar jobs below
Sony Music Entertainment is a global recorded music company with a roster of current artists that includes a broad array of both local artists and international superstars, as well as a vast catalog that comprises some of the most important recordings in history. Sony Music Entertainment is a wholly owned subsidiary of Sony Corporation of America.
Sony Music is committed to providing equal employment opportunity for all persons regardless of age, disability, national origin, race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, veteran or military status, genetic information or any other status protected by applicable federal, state, or local law.
The Director, Risk and Incident Management will enhance the IT risk management and incident response process across Sony Music Entertainment and will be responsible for identifying and managing potential areas of information security risk as well as leading a global incident response program. The Director, Risk and Incident Management will be responsible for responding to events and incidents that affect the confidentiality, integrity, and availability of Sony Music information and systems. The Director, Risk and Incident Management will represent and promote Sony Music’s security needs and continuously monitor security threats, market trends, and industry best practices to ensure the company maintains a risk-based approach to its security practices.
The Director, Risk and Incident Management must be comfortable in communicating across a global business and amongst all management levels up to (and including) C-level and have worked in a lead security role with a particular focus on incident management and risk analysis.
The ideal candidate is innovative, resourceful, and self-directed, and enjoys working in a rapidly changing security environment.
Essential Duties & Responsibilities:
• Manage and enhance the global incident reporting and response system.
• Identify and manage existing and potential information security risks that can affect Sony Music
• Respond to information security threats and incidents.
• Coordinate and liaise with investigative response, forensic and legal teams as appropriate.
• Provide direction on the continued development and maintenance of SME’s Information Security management system including Security policies, standards and procedures.
• Work closely with key divisions responsible for SME’s information assets, data custodians and governance groups in the development and maintenance of such policies while ensuring compliance with all company, regulatory and legal requirements.
• Assist in security due diligence and integration for Sony Music’s 3rd parties, acquisitions and partnerships.
• Work with Application & Infrastructure Security personal to conduct regular risk assessments, and advise on acceptable levels of risk
• Communicate risk posture to senior management and business units as required.
Qualifications:
• 5+ year’s experience in Information Security.
• A valid CISSP certification.
• Bachelor’s degree, preferably in a related course of study.
• Experience in managing Information Security using ISO27001 ISMS.
• Experience with RSA Archer eGRC Platform service tools preferred or good expertise in similar IT GRC platforms.
• Experience with security challenges and opportunities in the cloud and 3rd party services space.
• Experience with network security architectures that provide authentication, authorization, accounting, integrity and availability (wireless, encryption, identity management, network access controls).
• Experience with vulnerability management and risk assessment frameworks (ISO, NISD, PCI).
• Demonstrated ability to work with automated security analysis tools (i.e., NTO, Qualys, AppScan, Web Inspect, Ounce Labs Security Analyst, Fortify).
• Knowledge of common web development platforms and content management systems and frameworks (.NET, PHP, Drupal, Ruby, Wordpress) and related security challenges.
• Good knowledge of infrastructure security tools, designs, and best practices.
• Strong knowledge of outsourcing and managed service implementations.
• Strong written and oral communications skills – comfortable C-level communication.
• Ability to effectively present information, interact with, and respond to questions from groups of managers, employees and vendors.
• Ability to work effectively as a member of multiple teams.
• Ability to understand computer and datacenter technologies within an enterprise environment.
• Good time management skills.
• Self-motivated and highly organized.
• Prior experience in music/media industries and consulting preferred.
• Strong analytical skills.
• Adept at learning new technologies.
• Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
• Strong written and verbal communication skills and the ability to interact well with different levels within the organization.
• Ability to work well in a collaborative, team oriented environment.
• Excellent organizational skills and attention to detail.