Director, Threat & Vulnerability Management
CAA
Los Angeles, CA
This was removed by the employer on 8/18/2022 4:04:00 PM PST
Full Time Job
Summary
CAA (Creative Artists Agency) is one of the world's leading entertainment agencies. The Technology department at CAA is a very dynamic and ever-changing environment. We pride ourselves on being at the forefront of technology in every aspect.
Reporting to the CISO, this is a director-level position managing a team inside the Information Security group and coordinating across the Tech department at large. This position's core focus is to ensure consistent, measurable end-to-end security for CAA's computing services. The successful candidate will holistically own the entire vulnerability discovery and remediation process. The candidate will work across the global technology organization to identify and manage cyber threats and vulnerabilities, coordinating the implementation, testing and validation of control mechanisms. The candidate will have demonstrated strong capabilities in threat and data flow modeling and will have shown success using these models to actively manage information security risks. The candidate will have demonstrated previous success managing an enterprise threat and vulnerability program, successfully integrating multiple data sources to drive playbook mitigations and automations.
We are looking for candidates who have a passion for cyber security, threat detection, risk mitigation and automation. You will provide leadership in our efforts to build and support a defensible environment where we are able to detect, contain and respond quickly to threats, vulnerabilities and compromise in ways that serve to enable the technology needs of a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.
Responsibilities
• Define the strategy and roadmap for CAA's Threat and Vulnerability Management Services
• Manage and develop the team responsible for the delivery of CAA's Threat and Vulnerability Management Services
• Build threat and data models identifying key control objectives to ensure the secure delivery of new and existing services
• Manage internal and external vulnerability scanning and remediations
• Manage internal and external penetration testing and security assessment exercises
• Work across the Tech department to enhance security posture capabilities to limit security misconfigurations through secure configuration standards, monitoring and remediation
• Integrate data from multiple threat feeds into operational tooling
• Provide continuous visibility into new and emerging threats against existing security controls, ensuring controls remain effective against changing business and threat landscapes
• Measure and report on end-to-end effectiveness of security controls
• Work with IT and business leadership to establish repeatable security standards and best practices
• Develop workflows and automations to identify and remediate systems and data not protected by standard security controls
Required Capabilities
• A minimum of 7 years' experience delivering information security solutions, ideally with a mixed focus on infrastructure and development projects and services
• Previous experience managing a threat and vulnerability program in a DevOps environment, supporting secure development processes for continuous integration and deployment
• Hands-on experience in red team operations to test and validate the effective operation of security controls, measuring the ability to stop threats and attacks at the earliest point in the kill chain
• Proven track record working as both an individual contributor and manager in the areas of cyber threat and vulnerability management
• Bachelor's or master's degree in a relevant field of work
• Strong understanding of the fundamental operations of servers, operating systems, networks, cloud applications and infrastructure along with an expert understanding of the key controls required for secure operation of these systems
• Demonstrated an organized and methodical approach to delivering on security program objectives
• Designed and maintained controls to support the secure delivery of applications through continuous development and continuous integration processes
• Experience scripting in at least one of the following languages: PowerShell, Python, JavaScript
• Experience in aligning threat and vulnerability management efforts to frameworks and control objectives: MITRE ATT&CK, NIST CSF, ISO27001, Center for Internet Security, OWASP
• Experience integrating the following tools and capabilities into a successful threat and vulnerability program – Security Orchestration Automation and Response, Security Information and Event Management, Vulnerability Scanning, Security Threat Feeds, Red Team Tooling
CAA maintains a fully-vaccinated environment, for the safety and health of employees and guests, to the extent allowed by local law. Where permitted, all CAA employees will be required to be fully vaccinated against COVID-19 (including any waiting periods) and provide approved documentation when: 1) working in or visiting any CAA office; 2) attending any CAA company events, whether in the office or not; or 3) meeting with clients at any location. CAA also expects that all employees will take responsibility for maintaining optimal vaccine levels; for instance, this may include receiving boosters for which they are eligible. If you are unable to get a vaccine due to a medical condition, disability, or a religious belief, CAA will consider your accommodation request. The Company's policies in this regard may be updated from time to time, as pandemic/endemic conditions and local laws evolve.