The Director, Risk Management will be responsible for identifying and managing potential areas of information security risk and for continuing to enhance the IT risk management process across Sony Music Entertainment. This role is responsible for the execution and oversight of assessments for systems, applications, platforms, networks, and vendors, as well as the creation and tracking of risk treatment plans or policy exceptions where risks have been identified.

The Director, Risk Management must be comfortable in communicating across a global business and amongst all management levels up to (and including) C-level and have worked in a lead security role with a particular focus on risk analysis.
The ideal candidate is innovative, resourceful, and self-directed, and enjoys working in a rapidly changing security environment.
Responsibilities:
Essential Duties & Responsibilities:
Identify and manage existing and potential information security risks that can affect Sony Music.
Provide direction on the continued development and maintenance of SME’s Information Security management system including Information Security policies, standards and procedures.
Work closely with key divisions responsible for SME’s information assets, data custodians and governance groups in the development and maintenance of such policies while ensuring compliance with all company, regulatory and legal requirements.
Recommend enhancements and changes to existing Information Security policies and standards based upon the evolving operating and threat landscape.
Assist in security due diligence and integration for Sony Music’s 3rd parties, acquisitions and partnerships.
Work with Application & Infrastructure Security personnel to conduct regular risk assessments, and advise on acceptable levels of risk.
Assist in the creation and tracking of risk treatment plans, including the creation of policy exceptions where necessary.
Communicate risk posture and metrics to senior management and business units as required.
Qualifications:
5+ years’ experience in Information Security.
A valid CISSP certification.
Bachelor’s degree, preferably in a related course of study.
Experience in managing Information Security using ISO27001 ISMS.
Experience with RSA Archer eGRC Platform service tools preferred or good expertise in similar IT GRC platforms.
Experience with security challenges and opportunities in the cloud and 3rd party services space.
Experience with vulnerability management and risk assessment frameworks (ISO, NISD, PCI).
Knowledge of common web development platforms and content management systems and frameworks (.NET, PHP, Drupal, Ruby, WordPress) and related security challenges.
Good knowledge of infrastructure security tools, designs, and best practices.
Strong knowledge of outsourcing and managed service implementations.
Strong written and oral communication skills – comfortable with C-level communication.
Ability to effectively present information, interact with, and respond to questions from groups of managers, employees and vendors.
Ability to work effectively as a member of multiple teams.
Ability to understand computer and datacenter technologies within an enterprise environment.
Good time management skills.
Self-motivated and highly organized.
Prior experience in music/media industries and consulting preferred.