M+E Technology Job Board

Sr. Manager, Information Security

Sony Pictures Entertainment

Sony Pictures Entertainment (SPE) is a subsidiary of Sony Corporation of America (a subsidiary of the Tokyo based Sony Corporation). SPE’s global operations encompass motion picture production and distribution, television production and distribution, home entertainment acquisition and distribution, operation of studio facilities, development of new entertainment products, services and technologies, and distribution of entertainment in more than 140 countries.

The Policy & Compliance Sr. Manager role will be part of the Information Security Team at SPE. The Information Security team at SPE is responsible for protecting our content, systems, and data from being stolen, damaged or destroyed.

In this role you will be responsible for automating and continuously monitoring information security controls, exceptions, and testing. You will develop reporting metrics, dashboards, and evidence artifacts, and define and document ownership of controls in the GRC system. You will work closely with all levels of the organization, including Legal Compliance, Information Technology, Finance, Corporate Communications, and various lines of business to meet company information security objectives.

Join the InfoSec team, help our business groups achieve their objectives securely and efficiently, and help drive down information security risk to the organization.

Responsibilities:

Core Responsibilities

Drive down information security risk by ensuring Sony Pictures business units and recently acquired businesses comply with information security controls and requirements.

Conduct compliance initiatives and activities to meet Sony and SPE CISO reporting requirements.

Operate with a continuous improvement mindset to leverage opportunities for automation across compliance and risk processes, procedures, and systems.

Policy Management

Manage and maintain Sony and SPE information security policies in the GRC system.

Map and maintain Sony, SPE, and MPA policies against a common controls framework.

Assess the appropriateness and effectiveness of security controls and recommend enhancements through the Sony policy working committee.

Review external policies or standards related to Information Security, and perform comparison and gap analysis against internal security policies and requirements.

Lead the development of identified gaps and related risks from technical and business perspectives.

Compliance Management

Manage, monitor, and coordinate information security policy exceptions and risk acceptance requests.

Issue and track policy violations.

Lead and conduct compliance initiatives and activities to meet Sony and SPE CISO reporting requirements.

Develop reporting metrics, dashboards, and evidence artifacts.

Provide escalation and enforcement for unresolved noncompliance issues.

Partner with other Information Security teams to achieve departmental goals, as required.

Leverage collected data from various sources to draw meaningful insights and conclusions.

Drive continuous improvement through automation, process, and procedures.

Facilitate the website management governance committee, with members from Information Security, IT, Legal, Corporate Communications, and LoB stakeholders, and coordinate governance and compliance initiatives related to websites, mobile applications, and social media accounts.

Requirements:

Core Requirements:

5+ years of experience managing projects, programs, vendors/suppliers, and technology and process implementations.

Bachelor’s Degree preferred.

CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), IT/Security vendor certifications (e.g. Cisco, Microsoft, RSA), and/or ISO27001 Lead Auditor or similar certifications are a bonus.

Knowledge of:

ITIL, Agile, DevOps, and demand processes across a global organization.

ISO27001, NIST, PCI, or other information security-related best practices or frameworks.

Strong understanding of multiple software delivery life cycle methodologies.

Information Security Management System (ISMS) principles, processes, and technologies.

Governance, Risk & Compliance processes in a complex operating environment.

Experience working with or utilizing a GRC tool is a plus.

Skills:

Strong analytical, diagnostic, critical thinking, and project management skills.

Strong follow-up, diligence, and organizational skills and the ability to manage priorities effectively.

Strong written and verbal communication skills.

Ability to work with a broad spectrum of people with varying levels of technical acumen.

Develop Microsoft PowerPoint and SharePoint applications and functionality.

Analyze current operational status and determine appropriate course of action.

Willing and able to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.

Achieve and maintain optimal operational efficiency via innovation and technical knowledge.

Cloud computing and security management.

Ability to:

Communicate and operate in a complex global organization, and promote adherence to corporate policy goals while building working relationships with senior management and third parties.

Take on new responsibilities and influence others as needed to deliver consistent results.

Write and communicate clearly and effectively with technical and non-technical resources.

Work independently as well as in a team environment, and foster collaboration.

Pick up new skills through self-learning and on the job training.

Adapt to changing or competing priorities.