M+E Technology Job Board

Senior Manager, Information Security Vulnerability Management

Sony Pictures

The Senior Manager, Information Security will report to the Vice President, Information Security and is responsible for the state of vulnerability management across multiple operating environments, assets, products, and services.  The person in this role will maintain and optimize existing vulnerability management program operations while supporting vulnerability management systems, initiatives, integration, and technical vulnerability assessment and remediation.

The Senior Manager, Information Security will generate vulnerability reporting to drive appropriate actions by all levels of the organization including executive management.  Additionally, the person will define the prioritization of remediation activities, optimizing the remediation efforts in a dynamic environment.

Responsibilities: 

  • Oversee and support the development of vulnerability management systems, initiatives, integration, and technical assessment.
  • Direct and/or perform ongoing vulnerability assessments, penetration tests, and application and network security scans.  Direct assessment efforts in a prioritized fashion, seeking breadth and depth of coverage where appropriate.
  • Partner with the teams that implement technology, developing methods that align with their processes and reduce vulnerabilities.
  • Enhance technology and/or processes to ensure an accurate and up-to-date inventory of critical infrastructure and applications is in place.
  • Identify the roadmap, budget, and priorities for infrastructure and application security assessments.
  • Serve as an internal information security consultant to the organization. Assist in the review of applications and/or technology environments to assess information security risk.
  • Support information security compliance and risk management activities to meet the vulnerability management policy, standards, and requirements.
  • Support technical assessments of third-party vendors and mergers/acquisitions.

Core Responsibilities:

  • 50%: Drive the ongoing implementation and operation of the vulnerability management program, following the Global Information Security Standards as they pertain to vulnerability management.
  • 30%: Plan and carry out vulnerability scans and penetration testing campaigns.  Create reports and present them to executive management with factual documentation of the issues identified and clear recommendations for mitigating the vulnerabilities found.
  • 10%: Assess, document, and validate vulnerability management practices across the business to ensure compliance with company policy and standards.
  • 10%: Assess the possible risks of proposed changes to the SPE environment and, if needed, recommend alternative solutions or mitigating security controls.

Certifications:

  • CISSP (Certified Information Systems Security Professional)

Optional Certifications:

  • CISM
  • CISA
  • CEH
  • SANS GIAC

Candidates should be certified in, or have demonstrable experience with, ISO 27001/27002/27005.

Knowledge and Experience

  • Minimum 5 years of Information Security experience, focused on risk analysis, identification, vulnerability assessment, and penetration testing. Entertainment industry experience is a plus.  A degree in Computer Science or a related field is desirable.
  • Thorough understanding of ISO 27001, including practical experience implementing and auditing an information security management system.
  • Understanding of security and infrastructure architecture and technologies, including but not limited to routers, firewalls, IDS, PKI, VPN, two-factor authentication, identity management, data leak prevention, encryption, application security, vulnerability scanners, penetration testing, and Windows and Unix systems security.
  • Ability to adapt to a fast-paced work environment, handle multiple tasks simultaneously, and follow through on tasks to completion.
  • 5 or more years of experience with networking and information security devices: routers, switches, IDS/IPS, firewalls, SIEM, and other specialized equipment.
  • Thorough understanding of network protocols and security-related architecture.
  • Proficient in multiple operating systems, including Windows, OS X, and Linux.
  • Ability to scrutinize complex and diverse information and transform details and facts into recommendations and action plans.

Skills

  • Direct and drive initiatives through diverse teams and organizations to ensure an effective and compliant program.
  • Ability to implement processes and technologies that make efficient use of vulnerability-related data for the purposes of discovery and reporting.
  • Ability to conduct penetration testing, application and network scanning, and source code analysis.
  • A keen ability to identify and communicate the practical risk of technical security vulnerabilities to both technical and non-technical audiences.
  • Capable of performing vulnerability analysis on report results or zero-day announcements, managing communications, and ensuring timely remediation.
  • Author and use tools or scripts to manually validate or test vulnerabilities when no public utilities exist.
  • Ability to manage third-party partners to meet SLAs and commitments.
  • Results-oriented, cross-functional leadership success partnering with internal and external stakeholders.
  • Outstanding written, verbal, and presentation communication skills.
  • Executional excellence – consistently deliver programs to successful outcomes in a fast-moving environment.
  • Excellent interpersonal communication, project management, and leadership skills. Must be able to communicate effectively and tactfully with all levels of personnel (in person, on the telephone, and through written communication).  Unwavering passion, commitment, and persistence toward the business, customers, and technology.
  • Ability to achieve security requirements efficiently in an effective partnership with the independent teams responsible for software development and system administration.
  • Attention to detail with flexibility in addressing changing requirements.

Qualifications

  • Bachelor’s Degree in technology or other related field from an accredited university or college; or equivalent work experience in Information Security and Business/Risk Management.
  • Minimum of five (5) years of experience in the secure design and implementation of information systems.
  • Minimum three (3) years of experience as an information security manager, lead, or equivalent.
  • One or more of the following professional certifications: CISA, CISM, CEH, CISSP, or SANS.
  • Demonstrated success in security and vulnerability management within global enterprise environments.
  • Strong record of steady career progression.
  • Excellent references upon request.