Senior Director - Enterprise Architect & IT Security - SCEA - San Mateo

Job description
Sony Computer Entertainment America (SCEA) is an autonomous business unit of Sony Corporation, focused on the selling and marketing of PlayStation products and services throughout the Americas. The Director of Enterprise Architecture & IT Security owns the Enterprise Architecture for SCEA, and is the IT Security Manager (ITSM). This director is responsible for providing a strategic framework for Application and Infrastructure decisions and projects, with additional focus on execution of SCEA security programs while aligning strategically with information security initiatives set forth by the greater Sony Corporation Chief Information Security Officer (CISO). The Director of Enterprise Architecture and IT Security must be business-minded and focused on secure enablement of profit activities within SCEA.

Principle Duties / Responsibilities
Create and drive progress on a cohesive Enterprise Architecture for SCEA applications, systems and tools.
Create and evangelize across SCEA leadership an IT Strategy and overall architecture combining traditional and cloud / SaaS offerings with user experience focus.
Provide consultative input and guidance to solutions and projects aligned to SCEA IT initiatives, global Sony initiatives, business partner initiatives, other SCE and Sony division initiatives, insuring the best balance of efficiency, effectiveness, security and scalability tradeoff decisions.
Understand and guide SCEA IT on latest technology trends and recommend technology refresh standards.
Support the infrastructure, application, and cloud teams from an architecture standpoint, mediate conflicts and escalate as needed.
Drive agility and business speed through implementation of architectural concepts such as service oriented architecture (SOA), enterprise services buses, and standardized design patterns.
Rationalize application portfolio across both on premise and software-as-a-service (“cloud”) applications.
Advance SCEA data architecture by streamlining and securing data flows across applications
Drive high-level strategy for big data and business intelligence in a cross-functional fashion
Serve as the authoritative point of contact for all IT Security activities within SCEA.
Compile, review, and revise security policies as necessary.
Manage the incident response lifecycle, from initial crisis to concluding reports.
Define and direct SCEA’s perpetual vulnerability management program.
Consult with and educate the business around security best practices.
Work closely with Sony Corporation CISO.
Supervise compliance activities; specifically those around third-party vendor due diligence.
Work directly with business units to understand current business objectives and security impact.
Define creative alternatives to complex security issues in order to further business initiatives.
Design and track metrics to demonstrate the effectiveness of information security activities.
Ensure continued regulatory compliance in the areas of Sarbanes Oxley (SOX) and Payment Card Industry (PCI)
Transform Sony global security policies and initiatives into formats suitable to SCEA culture
Manage full time employees and external vendors in their efforts around architecture and information technology security.
Desired Skills and Experience
Required Knowledge / Skills
Fluency in enterprise architecture frameworks such as TOGAF.
A practitioner of disciplined process, including systems development lifecycle (SDLC) as well as program and project management (PPM) fundamentals.
Understanding of compliance requirements, specifically those around Sarbanes Oxley, Payment Card Industry (PCI), and service organization auditing.
Well versed in enterprise data warehousing and familiarity with ETL and reporting tools.
Experience with enterprise resource planning systems such as Oracle or SAP.
Basic understanding of web services and web-based APIs.
Familiarity with secure software development, including topics such as OWASP Top 10 as well as static and dynamic application security testing.
Demonstrate competence in the realm of data lifecycle management and protection.
Cloud security expert with ability to identify risk at any point in service provider supply chain.
Comfortable articulating risk using traditional risk management methodologies.
Fundamental understanding of security tools such as next-generation firewalls, security information and event managers (SIEM), and vulnerability scanners.
Thorough understanding of identity and access management, including cross-domain federation and cloud service provider integration.
Ability to prescribe compensating controls to existing environments demonstrating inadequate security posture.
Understanding of social engineering and corresponding preventative measures.
Familiarity with common security domains such as mobile security, cryptography and incident response.
Required Experience / Education
Bachelor’s degree in Information Systems, Information Technology, Computer Science or similar discipline
At least 10 years of IT experience, and at least 3 years in a strategic leadership capacity
Preferred Experience / Education
Master’s Degree in Information Systems, Information Technology, Computer Science or similar discipline

Enter your email address:

Refer This Job To Your Friends And Help Them To Find Jobs!