This job might no longer be available.
Security Analyst, Security Governance, Risk & Compliance
4 years ago
PlayStation isn’t just the Best Place to Play —it’s also the Best Place to Work. We’ve thrilled gamers since 1994, when we launched the original PlayStation. Today, we’re recognized as a global leader in interactive and digital entertainment. The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.
Working with the Manager of Security Risk and Compliance, the Security Analyst is a member of the team that oversees the SIE Security Governance, Risk, and Compliance program in alignment with established Security policies, standards, methodologies, and processes. The Security Analyst will be responsible for executing assessments to ensure compliance with internal and external requirements, identifying risks, and communicating the posture to the SIE leadership team. The Security Analyst also acts as the domain expert for Security Governance, Risk, and Compliance.
Key Responsibilities:
- Support the Security Risk Assessment methodology, policy, strategy and process
- Perform hands-on gap and risk assessments to identify, document, and track significant information security risks associated with:
- Applications
- Development
- Information systems
- Data centers
- Cloud and physical IT infrastructure
- Vendors and other third parties
- Monitor and review IT Security controls to identify operational effectiveness
- Map controls to policies, standards, procedures, and process to ensure compliance
- Manage remediation efforts and track completion status of deficiencies
- Work with GRC and other Security tools to collect and maintain security and risk information
- Provide security consulting services to business owners and stakeholders
- Maintain broad knowledge of standard methodologies and trends in the field of Information Security and other technologies relevant to systems operated by the Operations teams
- Work with technical teams, partners and leadership teams to translate security risk mitigation plans into actionable items to mitigate risk
Required Qualifications:
- Experience implementing or assessing security in a cloud-hosted environment
- Extensive knowledge of security technologies and risk assessment methodologies, policies and processes
- Desire to rapidly learn new and evolving technologies in a fast-paced environment
Preferred Qualifications:
- 4+ years experience working within the technical arena with 2 plus years of information security work experience
- Solid technical background in IT systems and networking in Cloud environments
- Knowledge and experience pertaining to :
- AWS (or similar) cloud security and infrastructure
- Web infrastructure security (Applications and APIs)
- Network security tools (IDS/IPS, firewalls, etc.)
- Network visualization tools (Skybox Security, Redseal Networks, etc.)
- Encryption technology and implementation
- Database security
- Disaster recovery concepts
- Operating system security and hardening
- Enterprise scale application hardening (e.g. GitHub, Jenkins, Slack)
- Experience using vulnerability assessment tools and writing risk mitigation plans according to the assessment
- Excellent analytical, evaluative, and problem-solving abilities
- Demonstrated ability to collaborate with technical and non-technical teams to further the goals and mission of the Security Risk and Compliance team
- Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
- Experience with PCI and SOX compliance programs as well as their technical and security requirements
- Experience in security standards such as ISO 27001, 27002, 27005; NIST, COBIT, ITIL
- Technical certifications within the area Security are a strong plus (CISSP, CRISC, CCSK, CCSP, GIAC or equivalent)
- Ability to work independently and multi-task effectively
- A bachelor’s degree in Cyber Security, Information Security, or Computer Science
- Experience with Continuous Integration/Continuous Development (CI/CD) concepts
- A passion for the gaming industry is a plus
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to race, color, religion, gender, pregnancy, national origin, ancestry, citizenship, age, legally protected physical or mental disability, covered veteran status, status in the U.S. uniformed services, sexual orientation, marital status, genetic information or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
We sincerely appreciate the time and effort you spent in contacting us and we thank you for your interest in PlayStation.
#LI-GM1
Create Your Profile — Game companies can contact you with their relevant job openings.