Sony Music Entertainment

Security Analyst, Assurance and Metrics

US-NY-New York
1 year ago
Information Technology - Computer/Network Security


Job Summary:


Sony Music Entertainment is a global recorded music company with a roster of current artists that includes a broad array of both local artists and international superstars, as well as a vast catalog that comprises some of the most important recordings in history. Sony Music Entertainment is a wholly owned subsidiary of Sony Corporation of America.


Sony Music is committed to providing equal employment opportunity for all persons regardless of age, disability, national origin, race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, veteran or military status, genetic information or any other status protected by applicable federal, state, or local law.


Sony Music is seeking a Security Compliance Analyst to join the Global Information Security organization located in New York. This position will report to the Director, Security Program Management and be a part of the team responsible for implementing and maintaining an enterprise-wide risk and compliance strategy to secure Sony’s information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of Sony’s customers and employees.


The ideal candidate is a driven team player with experience working in a dynamic environment and the ability to wear multiple hats in the information security realm. The candidate should have a proven history of policy design and security awareness delivery in an IT organization in one or more of the following information security domains: networking, data and mobile security, cryptography, etc. The candidate should have a proven history in compliance implementation projects and audit roles, including risk and controls assessments, gap analysis, risk management concepts and risk assessment methodologies. Other areas of responsibility may include acting as a backup for other parts of the organization, such as risk management. The candidate should be able to leverage multiple forms of communication to articulate complex concepts with proficiency to both technical contributors and executive management.


Essential Duties & Responsibilities:


Will include, but are not limited to:


  • Conduct periodic on-site risk assessments of information security management system (ISMS) and information security technical and process controls across the Sony Group
  • Facilitate compliance self-assessments, information security program maturity assessments, and evaluation of technical controls
  • Leverage existing Governance, Risk, and Compliance (GRC) tools to collect risk assessment results and findings, manage information security control compliance, analyze policy exceptions, and to administer the program
  • Perform all continuous monitoring functions, including coordinating mitigation of gaps, findings and other security issues; reviewing plans of action and milestones; and any other testing required by Sony Corporation.
  • Support development and maturation of the Information Security compliance program, including documenting risk assessment plans, and participating in annual audit planning and scheduling
  • Contribute to development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers and workstations.
  • Evaluate the design effectiveness of IT controls based upon industry best practice models (e.g. COBIT, ITIL) in accordance with compliance requirements.
  • Perform activities to help measure and monitor compliance with company policies and procedures.
  • Scope, manage, track, and control project issues to ensure timely delivery of solutions; Develop reports to track planning, scheduling, issues, risks, metrics, and overall status.
  • Compile management reports, summary analysis, and detailed presentations to describe risk and maturity assessments.
  • Develop and issue ad-hoc security compliance dashboards and reports for internal stakeholders
  • Create, maintain and report metrics that measure effectiveness of various security controls.
  • Prepare Project Status Reports and provide reports to management that communicate strategic issues and risks.
  • Ensure that the projects meet requirements and objectives and deliver on success criteria.
  • Manage project team members and resolve issues by delivering the facts and keeping the team focused on the objectives and success criteria.
  • The ability to articulate risks and findings to senior management.


Education and/or Experience:

  • Minimum 4 years’ experience in information security, IT program management, or internal risk assessment 
  • Minimum 2 years’ experience in information security control assessments, risk assessment, or compliance
  • Bachelor’s degree, preferably in Computer Science or a related field, such as business administration or management information systems, or equivalent experience
  • CISA, CISSP, or similar industry recognized certification preferred
  • Track record of independently performing information security assessments or IT / ISO risk assessments
  • Superior negotiation and communication skills to maintain positive working relationships with business stakeholders
  • Experience with GRC tools, such as RSA-Archer preferred
  • Significant experience with MS Office, especially Excel and PowerPoint, required
  • Fluency and experience with information security standards such as ISO 27001, ISO 27002, NIST publications, etc.
  • Ability to address multiple assignments simultaneously, with strong ability to prioritize tasks and respond to dynamic priorities
  • Excellent writing and analytical skill set
  • Ability to travel, including internationally, up to 15%
  • Eligible to work unrestricted in the USA

Decision/Problem Solving Skills:

  • Strong analytical skills.
  • Adept at learning new technologies.
  • Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
  • Strong written and verbal communication skills and the ability to interact well with different levels within the organization.
  • Ability to host, present, and facilitate meetings to all levels of management including Chief Information Officers, Chief Technology Officers and their direct reports.
  • Ability to work well in a collaborative, team oriented environment.
  • Excellent organizational skills and attention to detail. 

Work Relationships:


Internal Contacts: Will work closely with other members of the Information Security department.  All territories and business units globally, including but not limited to IS&T, Human Resources, Facilities, Legal, Marketing and Digital.  Global and local application operations, development and infrastructure technology teams.   Sony’s Global Information Security and Privacy team and Information Security personnel in other Sony operating companies (i.e. SEL, SPE, SCEE, SCA, DADC, SMOC, SNEI).


External Contacts: Security vendors, 3rd party hosting and development partners, law enforcement, external counsel and forensic investigators.


Affirmative Action Basic Qualifications Questions 

  1. Do you have a minimum of (4) years of proven IT program management or internal risk assessment experience?
  2. Do you have a Bachelor’s Degree, preferably in Computer Science or related course of study?
  3. Do you have a CISSP, CCNA or similar network certification?

