We’re on the hunt for an Information Security Officer in our Los Angeles office. Remote work most of the time, however the resource needs to be available to attend monthly meetings in L.A. as required. This resource needs to be experienced in entertainment and information security.
- Establish and build collaborative relationships with a wide variety of stakeholders – executive, client, production, vendor, creative and technical team members locally and globally.
- Perform information security audits for vendors and software tools in line with global standards and corporate HQ.
- Participate in implementation, communication and management of risk assessments and security initiatives for a variety of topics – production workflows, physical location reviews, new vendor requests, etc.
- Work continuously with internal teams to identify and reduce weaknesses via a variety of methods including leading training and awareness programs.
- Help develop, maintain and enforce information security policies, standards, and procedures including incident investigations.
- Review and redesign existing workflows to create operational efficiencies.
- Maintain up to date knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies.
Who will thrive in this role:
- Experience with managing enterprise level security at a multinational media / entertainment company.
- College degree (BA or BS) (Management Information Systems, Information Security, Information Technology, or related field) plus CISA, CISM or CISSP certifications desired.
- Ability to cultivate relationships and act as a consultancy to varied stakeholders including cross-functional / peer relationships with diverse, global teams.
- Experience in project management and corporate security environment for a global company in such areas as policy creation, training / awareness, physical security controls, etc.
- Technical audit experience such as PCI-DSS, NIST, OWASP, ISO27001, SOX, pen testing, etc. and ability to assess complex systems highly desired.
- Ability to discuss a wide range of security issues in addition to global data protection / privacy laws, regulations and risk management methodologies.
- Good understanding of security, administration, design, and implementation of operating systems and network security controls for both physical hardware and cloud-based SAAS / hosted solutions.
- Strong interest in and of understanding of infrastructure security concepts, cloud-based architecture, security technologies, industry best practices, access controls, forensics and metric.
- Lots of energy and passion for Media and Security.