Information Security Manager - Privacy Management
Sony Pictures Entertainment 174 reviews - Culver City, CA

This job posting is no longer available on Dice. Find similar jobs:Information Security Manager jobs - Sony Pictures Entertainment jobs

Sony Pictures Entertainment is a leading creator and distributor of entertainment products services and technology Our global operations encompass motion picture production and distribution television programming and syndication home video acquisitions and distribution operation of studio facilities development of new entertainment technologies and distribution of filmed entertainment in over 67 countries The Information Security Manager reports to the Director of Information Security The Information Security Manager works to establish design document implement and enforce Information Security global company policy standards guidelines procedures and processes The Information Security Manager has operational responsibility for the execution of corporate data protection and privacy initiatives In addition the Information Security Manager is responsible to support Information Security department initiatives around policy compliance and risk management Governance Risk Compliance (GRC) operations third party risk management data protection and privacy management and identity and access management The Information Security Manager is also responsible for managing the Company’s personal information inventory managing global incident response procedures and coordinating with key internal and external stakeholders on matters involving Information Security and Privacy The Information Security Manager executes the operational responsibility through assessing risks designing technical controls and configuration standards based on the requirements set forth in Company policies and standards to enforce compliance 30 1 Privacy Management The Information Security Manager supports the SPE Privacy Officer in ongoing maturation of the privacy program The Information Security Manager works with various business stakeholders to implement privacy training and awareness report on privacy compliance and collaborate with corporate legal and compliance on the overall privacy compliance posture The Information Security Manager works with auditors to conduct privacy audits responds to privacy inquiries from customers and associates Maintains all essential business records and archival material related to the company’s PII management program The Information Security Manager also acts as key contact for business units in incident reporting Work with internal and external stakeholders on incident management The Information Security Manager also educates management and employees on information protection and privacy principles so they are aware of key issues and requirements The Information Security Manager partners with departmentsdivisions to review privacydata controls make recommendations for controls and safeguarding the use storage and transfer of personal information and company assets Work within business to implement controls and establish new policy to maintain controls 20 2 Risk Management The Information Security Manager performs risk analysis for infrastructure and applications as part of the risk management lifecycle and provides informed decisions to management concerning the potential risks to the business The Information Security Manager works with the business owners and project managers to understand the results of vulnerability and threat assessments and ensures that critical risks are mitigated in accordance with applicable security policy and standards The Information Security Manager develops and maintains business processes around the global personal information inventory including but not limited to assessing accuracy and completeness and implementing awareness campaigns for employees to help the business adopt usage guidelines for personal information where appropriate 20 3 GRC Management The Information Security Manager serves as the primary technical resource for the Governance Risk Compliance (GRC) platform The Information Security Manager collaborates with business unit owners in applying process and functional requirements to application design The Information Security Manager also defines unit and integration test plans test scripts enhancements and system interfaces to be developed The Information Security Manager evaluates GRC System design across business solutions for ongoing process and system improvement at SPE The Information Security Manager also assists business unit owners in interpreting GRC data to produce analyses and reports 10 4 Compliance Management The Information Security Manager maintains and supports compliance management portal produces periodic compliance reports and designs compensating controls The Information Security Manager supports policy compliance campaign activities in addition to industry and regulatory compliance requirements (eg PCI SOX Safe Harbor etc) 10 5 Third Party Management The Information Security Manager is responsible for enforcing policies regarding security practices to be used by SPE’s key suppliers and vendors The Information Security Manager performs a risk assessment of suppliervendor security practices and works closely with Procurement and Legal 10 6 Identity and Access Management (IAM) The Information Security Manager assists in defining the SPE IAM solution process functional and control requirements The Information Security Manager supports the system owner in enhancing the capability of the IAM solution and provides end user acceptance feedback Summarize the kinds and level of knowledge skills and abilities your job requires Knowledge of Principles of ecommerce security B2BB2CB2B and the use of information security risk assessment frameworks risk assessment practices methodologies and practical enterprise application Example ISO27001 Knowledgeable of industry regulation regulatory compliance and international security standards state federal international laws Examples PCI DSS SOX SB1386 HIPAA GLBA SOA Basel II Safe Harbor MPAACDSA and EU Privacy Directives Understanding of secure coding standards and secure coding frameworks Examples OWASP BSIMM CLASP Understanding of Information Security technologies markets and vendors (firewall intrusion detection assessment tools encryption certificate authority Web and application development) Knowledge of system security and controls including firewall and virus software identity management and computer control environments Understanding of domain structures user authentication and authorization encryption network and application security and digital signatures knowledge of Active Directory LDAP and other protocols Global Data Privacy regulations Skill In Welldeveloped interpersonal communication oral written and presentation skills Attention to detail negotiation and influencing skills Writing policies procedures guidelines and technical documentation Using Microsoft Office products (Office 20032007 preferable) including Visio and Project Maintain disciplined time management Ability to maintain discretion and confidentiality Ability To Prepare systems and process documentation with the use of flow charts and narration Ability to begin keep track of and complete multiple concurrent tasksprojects Analyze complex problems quickly develop creative solutions and adapt to a fast paced environment with a strong attention to detail Work independently with minimum supervision as part of a close team environment Strong problem solving decision making and followthrough abilities Understand queries comments suggestions and concerns or issues expressed by participants during meetings technical committees and as part of ongoing operations Communicate effectively in a multicultural multinational environment and mobilize crossfunctional high performance teams Maintain a professional demeanor when dealing with confidential and sensitive issues As a global leader in creativity and innovation Sony Pictures Entertainment draws upon the diverse backgrounds and perspectives or our workforce for continued success Our respect for employee differences and focus on employee development encourages a progressive and rewarding work environment In addition SPE offers excellent benefits medical dental vision 401k 10 paid holidays plus much more

About this company
174 reviews
Sony Pictures Entertainment (SPE) is a movie-making monster. The producer of Godzilla is a unit of Sony Corporation of America, the US arm...