Chief Information Security Officer
Metro-Goldwyn-Mayer Studios Inc
Culver City, CA
This was removed by the employer on 2/8/2022 2:08:00 PM PST
Full Time Job
Metro-Goldwyn-Mayer Studios Inc. ("MGM") is seeking a Chief Information Security Officer to lead the following functions globally: Security Engineering & Architecture, Security Operations, and Governance, Risk and Compliance (GRC). This role will work with executive management to help establish and communicate the organization's risk tolerance. The role leads the vision, strategy, and operational direction of information security to manage a broad range of programs such as content protection, enterprise security, cloud security, application security, third party risks, incident response, threat intelligence, data, and privacy to address and meet MGM's business objectives.
We're looking for an innovative leader with strong technical and business acumen to lead and mentor high-performing teams and partner closely with the Media Technology Group (MTG), Legal, HR, and subsidiary leaders.
The Team: We're a diverse group of professionals who have a passion for protecting our storytellers, creatives, workforce, content, and over 96 years of Hollywood history. We pride ourselves on being innovative and progressive in all areas of information and cybersecurity. Our mission is to build frictionless security to support business enablement. Inclusiveness and empowerment are part of our ethos to elevate our team and the infosec community. Our ideal candidate can find creative ways to solve complex security challenges.
Responsibilities
• Drive information security programs to the next level of maturity.
• Create and manage CAPEX/OPEX budgets to drive, sustain and maintain programs.
• Coach and mentor direct and non-direct reports within the information security organization. Acquire talent as necessary to mature strategy and programs.
• Develop, enforce and maintain policy, standards, and procedures to assess, monitor, report, escalate and remediate risk and compliance issues related to information security.
• Proactively work with and encourage buy-in from key stakeholders to implement practices that meet defined guidelines and standards for information security, keeping it a top priority.
• Perform or source risk assessments, audits, and computer security incident investigations.
• Educate and advise MTG and business executives as needed on technology risk and compliance issues and appropriate mitigation strategies and approaches.
• Report and consult with law enforcement agencies as necessary during incidents.
• Ensure disaster recovery and business continuity plans are in place and tested.
• Ensure all application and infrastructure projects consider information and cybersecurity implications, and that risks have been identified and addressed early in the SDLC stages. Foster and promote the shift left mentality with the product, DevOps, and engineering teams.
• Facilitate the review and verification of new third-party vendors concerning their information security practices. Audit third-party vendor compliance with security requirements as needed.
• Conduct and manage security awareness training for all personnel and enforce compliance. This includes tabletop exercises with senior management and key stakeholders across all business units.
• Partner with the Chief Communications Officer on risk communications internally and externally.
• Relentlessly pursue a security awareness culture across the entire company and its subsidiaries. Foster and promote employee engagement to build a community-centric security model.
• Be inspirational, engaging and accountable.
Requirements
• 5 years in an information security leadership position.
• Must have a minimum of 3 years of combined experience with these CISSP domains: Security and Risk Management, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, and Security Operations.
• Experience with CIS, NIST, and other frameworks for on-prem and cloud environments.
• Experience with the MITRE ATT&CK framework and various threat modeling techniques.
• Experience with industry standard risk frameworks like FAIR.
• Experience with threat management and risk prioritization.
• Experience with various regulations such as GDPR, CCPA, SOX, PCI, etc.
• Experience building and leading GRC committees.
• Experience in coordinating with general counsel, insurance carriers, and law enforcement agencies during incident responses and crises.
• Experience with identity providers such as Azure, Okta, Ping, etc.
• Experience operationalizing the shift left SDLC mindset.
• Experience with budget, project, and resource management.
• Experience with identifying, building, and delivering key metrics for success.
• Experience in building easy-to-understand presentations for senior executives and board members.
• Experience with contracts/vendor management and strong negotiating skills.
• Two or more of these certifications preferred: CISSP, CISM, CISA, AWS Cloud Practitioner, AWS Solutions Architect Associate, AWS Security Specialty, or CompTIA CySA+.