We are seeking a visionary and hands-on Executive Director of Security Architecture who will excel in leading the strategic design, implementation, and continuous improvement of Sony Pictures security architecture. This is a highly influential role, requiring both deep technical expertise and business-aligned leadership. The ideal candidate will expertly define a robust security framework across network, applications, and cloud environments, proactively addressing cyber risks and ensuring alignment with the Sony Pictures goals.
Key Responsibilities
Strategic Vision: Develop and articulate a comprehensive security architecture strategy to ensure the confidentiality, integrity, and availability of the Sony Pictures information and content assets. Continuously evaluate emerging threats and industry best practices to evolve our security posture.
Define, document, and promote security architecture, and technical standards throughout Sony Pictures.
Lead the development and implementation of comprehensive security architecture strategies for network, application, and cloud environments to protect against current and emerging threats.
Architecture Design and Implementation: Lead hands-on design and implementation reviews of security solutions across network, application, and cloud domains. Thoroughly assess security risks in existing and planned systems and infrastructure. Define technical security standards and governance processes.
Lead security architecture review processes, ensuring all new systems and changes to existing systems comply with Sony’s security standards.
Conduct in-depth assessments of current security architectures, identify threats and vulnerabilities, and develop mitigation strategies.
Recommend design patterns and security best practices for technology implementations.
Security Solution Evaluation and Selection: Research, evaluate, and recommend cutting-edge security technologies and tools. Oversee proof-of-concept initiatives and guide vendor selection.
Conduct market research to assess the landscape of available security solutions in specific areas (e.g., network security, cloud security, application security).
Liaise with IT and security operations teams to define and orchestrate POC testing for shortlisted security solutions.
Enterprise Security: Work closely with IT infrastructure, application development, DevSecOps, and business stakeholders to embed security principles throughout all phases of technology development and deployment.
Develop and maintain security architecture documentation and standards.
Collaborate with IT and business units to integrate security best practices into the development lifecycle of projects and technology initiatives.
Governance and Compliance: Maintain a deep understanding of security regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS) for designing systems and processes that not only protect data but also demonstrate adherence to industry standards and regulations.
Required Qualifications
Hard Skills
Mastery of Security Architecture Principles: Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, GPDR and privacy, vulnerability assessment techniques, and secure coding practices.
Network Security Expertise: Excellent knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, network access control (NAC), DMZ design, and DDoS mitigation.
Application Security Expertise: Demonstrated experience with web application firewalls (WAFs), secure software development lifecycles (SDLCs), static/dynamic application security testing (SAST/DAST), API security, and secure coding techniques.
Cloud Security Expertise: Proficient in cloud security models (IaaS, PaaS, SaaS), cloud-native security tools, encryption and key management, privileged access management (PAM), security posture and compliance within cloud environments.
Proficiency in Major Frameworks: Demonstrated knowledge of NIST Cybersecurity Framework, ISO 27001/27002, PCI DSS (if handling payment card data), and other relevant entertainment industry guidelines such as TPN and MotionLabs.
Translation to Practice: The ability to take concepts from frameworks and benchmarks and apply them practically to the design of security solutions. This includes mapping controls, risk assessment techniques, and documentation in alignment with standards.
Soft Skills
Leadership: Strong ability to lead, motivate, and develop a team of security professionals. Foster a collaborative and results-oriented environment.
Strategic Thinking: Capacity to align security objectives with Sony broader business and Cybersecurity goals, effectively quantifying risks and prioritizing initiatives for optimal impact.
Communication and Influence: Excellent written and verbal communication skills. The ability to translate technical concepts for non-technical audiences and secure buy-in at the executive level.
Problem-solving: Analytical mindset with demonstrated adeptness in solving complex security challenges.
Adaptability: Ability to thrive in a dynamic, fast-paced environment where technologies and threat landscapes rapidly evolve.
Education and Experience
Bachelor's degree in Computer Science, Information Security, or a related field. Advanced technical certifications strongly preferred (CISSP, CCSP, CISA, or equivalent).
Minimum of 10+ years of progressive experience in cybersecurity, with at least 5+ years in a security architecture lead role.
#J-18808-Ljbffr