M+E Technology Job Board

Information Security Manager

Sony Pictures

Please note that this role is based in the United Kingdom. To enable us to meet the statutory and regulatory obligations of the United Kingdom immigration system, you must have the appropriate immigration permission needed to work and reside in the United Kingdom.

Overview:

Sony Pictures Entertainment is a leading creator and distributor of entertainment products, services and technology. Our global operations encompass motion picture production and distribution, television production, programming and syndication, home video acquisitions and distribution, operation of studio facilities, development of new entertainment technologies and distribution of filmed entertainment in over 70 countries.

The Information Security Manager will be based in London, UK, reporting to the regional Information Security Director, and will assist in the delivery of the Sony Pictures Entertainment information security program to offices and employees in the Europe, Middle East and Africa region.

The responsibilities of the Information Security Manager will include:

  • Managing multiple aspects of the information security program, including policy, compliance, risk management, and ad-hoc consultancy to the business; reviewing and proposing changes to existing policies, standards and guidelines
  • Engaging with business stakeholders to understand business practices; gathering and facilitating the convergence of business, technical and security requirements; liaising with IT to align the environment with existing and future requirements
  • Risk assessing external entities (e.g. vendors, suppliers, partners, joint ventures); assisting with due diligence reviews of merger and acquisition deals
  • Collaborating with IT to ensure security is factored into the evaluation, selection, installation and configuration of hardware, applications and software; researching technologies and identifying differentiators and integration challenges; providing technical and managerial expertise on maintenance and administration aspects
  • Providing support and guidance on legal and regulatory compliance including data privacy
  • Tracking and coordinating the remediation of security vulnerabilities
  • Delivering security awareness training to employees

The Information Security Manager must have:

  • Hands-on experience deploying and administering security products such as firewall, intrusion detection/prevention (IDS/IPS/UTM), web application firewall (WAF), advanced endpoint security, file integrity monitoring (FIM), data loss protection (DLP), and vulnerability scanning.
  • Excellent understanding of information security concepts, protocols, industry best practices and strategies; analytical skills to evaluate security requirements and relate them to appropriate security controls
  • Detailed knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an understanding of the business impact of security tools, technologies and policies
  • Practiced proficiency in performing risk, business impact, control and vulnerability assessments; well-versed in network and web application vulnerability scanning; defining treatment strategies
  • Proven track record of project management and reporting skills
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with IT, project and application development teams, management and business personnel; capable of building strong relationships and understanding business imperatives
  • Hands-on experience deploying and administering IT systems such as identity management, authentication, DNS, configuration and hardening, event logging, and patch management
  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks

Some travel may be required within the region, as well as to the home office located in Los Angeles. Out-of-hours support may be required depending on the nature of the operations.

Breakdown of Core Responsibilities:

40%     Compliance; system platform validation; vulnerability management; reporting

30%     Risk management; ad-hoc consultancy; requirements gathering

20%     Policy exception handling; security awareness training

10%     Reviewing processes, procedures, guidelines, and solutions

Qualifications and/or Experience Required:

  • BA or BSc qualification
  • Typically 7–10 years’ experience in a similar role

Knowledge of:

  • Industry and market intelligence in order to keep track of the latest hacking techniques, vulnerability disclosures, data breach incidents and security analysis techniques
  • Existing and emerging exploits and techniques
  • EU Privacy Directives, Safe Harbor and the Data Protection Act
  • Payment card industry (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) standards

Skills in:

  • Network architecture (routers, switches and load balancers)
  • Security technologies (firewalls, IDS/IPS/UTM, advanced endpoint security, AV, FIM)
  • Operating systems (Windows, OS X, Linux and UNIX)
  • Application architecture (mainframes, databases, web, middleware, virtual)
  • Software development (SDLC, compiled and interpreted languages, SVN)
  • Network- and application-layer vulnerability and penetration testing methodologies using commercial and open source security testing tools
  • Shell scripting (e.g. Bash, sed, grep, awk, Perl, Python, PHP, SQL)
  • Documenting systems and procedures to the highest standard
  • Reporting on assigned projects and providing regular updates

Ability to:

  • Understand complex information security principles and apply them practically
  • Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences and track progress towards resolution and compliance
  • Take on new responsibilities and influence others as needed to deliver consistent results
  • Demonstrate strong verbal communication skills and concise written communication skills
  • Demonstrate strong organizational and multi-tasking skills
  • Pick up new skills through self-learning and on the job training
  • Innovate and stay current on security technologies
  • Work independently or with minimal supervision

Successful candidates will also have the following Certifications/Licenses:

Requested:

1. Information security certification

  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Security Auditor), or equivalent

Desirable:

2. Ethical hacking certifications

3. Incident and forensic security certifications

4. Vendor product certifications