Manager, Information Security
Pluto TV
West Hollywood, CAThis was removed by the employer on 4/7/2020 9:54:00 AM PST
Not to worry we have many other jobs on the site;
Browse all jobs
Browse the IS/IT Category
Search for Manager, Information Security jobs in West Hollywood-CA
Search all Manager, Information Security postings
Full Time Job
Pluto TV is the leading free streaming television service in America, delivering 100 live and original channels and thousands of on-demand movies in partnership with major TV networks, movie studios, publishers, and digital media companies. Pluto TV is available on all mobile, web and connected TV streaming devices and millions of viewers tune in each month to watch premium news, TV shows, movies, sports, lifestyle, and trending digital series. Headquartered in Los Angeles, Pluto TV has offices in New York, Silicon Valley, Chicago and Berlin. Pluto is a subsidiary of ViacomCBS (NASDAQ: VIAB, VIA), a global content company with premier television, film and digital entertainment brands.
Overview and Responsibilities
The Senior Technical Manager’s primary job responsibility is to reduce risk to Viacom Information and Information Systems through the understanding and use of various data security technologies, applications, methodologies and industry standards. The Senior Technical Manager will be a Technology professional able to provide advanced expertise in Information Security Technologies and risk reduction strategies. In addition to daily operational responsibilities, this role will be responsible for the innovation and execution of people/process and technology improvements within Information Security as well as the broader MTS group. This role includes a focus on DevSecOps and requires daily interaction with DevOps to enforce Secure SDLC requirements.
• Coordinates with DevOps to verify compliance with Secure SDLC process and monitors secure code enforcement and remediation efforts.
• Works independently applying in-depth knowledge of multiple Information Security technologies (Cloud Access Security Brokers (CASB)/Database Security (DAM)/Data Breach Solutions (DBS)/Data Leakage Prevention (DLP)/Data Security and File Encryption platforms/DDOS Protection Platforms/ Dynamic Web and Static Code Testing Solutions/Email Security Platforms/Endpoint Protection and Response solutions/Firewalls/Identity and Access Management Platforms (IAM)/IPS solutions/Network Behavioral Analysis (NBA)/Privileged Access Management (PAM)/Security Information Management Solutions (SIM)/Threat Management Platforms (TMP)/Vulnerability Management platforms/Web Application Firewalls (WAF)/Web Security URL Filtering, etc.) as appropriate.
• Performs sophisticated analysis of Information Security related logs and log data to surface potential Information Security risk and concerns for resolution.
• Actively makes risk reducing recommendations to appropriate business units regarding the development of new or existing services.
• Participates in Incident Response training initiatives and when required ensures active participation in the incident response lifecycle governed by the Technical CIRT Policy.
• Frequently reviews any tickets in any service ticketing queues related to the group handled to ensure accurate ticket closure.
• Effectively lead a team of employees and/or consultants to deliver efficiently on projects and maintain positive team dynamics and communications.
Basic Qualifications
• Knowledge of Secure Coding standard methodologies as defined by OWASP.
• Experience with Static Code Analysis tools such as Checkmarx or HP Fortify.
• Previous experience working in DevSecOps, including knowledge and experience enforcing a Secure Software Development Lifecycle.
• Goal driven individual with good technical, interpersonal, communication and organizational skills.
• Makes a dedication to helping build a “transparent culture of service” which fosters an open, honest, candid workplace within the teams handled.
• Embraces and fosters “innovation” by working on new things in new ways every day.
• Develop a global perspective with consideration for local business needs.
• Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles.
• Resource management skills, capable of leading contract employees.
• Acts responsibly with sensitive and confidential information.
• Is creative and inventive as a problem solver.
• Consistently demonstrates the drive to deliver projects successfully even under difficult timelines.
• Have strong logical, analytical, methodical, investigative, and auditing skills.
• Knows when to make practical rational decisions that reduce risk to Viacom information and Information systems.
• Excellent verbal and written communication.
• Travel domestically and internationally if required and with short notice.
• Must be reliable and available 24/7 if required.
Solid understanding of the following:
• Demonstrated experience in handling cybersecurity incidents through the incident response lifecycle.
• Demonstrated experience with the following security areas: GRC, SIEM, Vulnerability. management, identify and access management, firewalls, DLP, forensics, malware analysis and incident response.
• Layer 2, 3 and 4 infrastructure designs and functionality.
• Windows, Linux, and Cisco Networking Device hardening best practices.
• The latest hacking techniques and appropriate countermeasures.
• Firewalls, rule base analysis, stateful inspection, encryption and associated algorithms.
• Common threat analysis methodologies such as SANS and OWASP.
• Knowledge of Common Cybersecurity Frameworks (NIST, ISO, COBIT, and SSAE-16).
• Identity and Access Management methodologies.
• Authentication Platforms, which includes but is not limited to LDAP and Active Directory.
• Federated Authentication Platforms and associated protocols.
• Proficient knowledge of regulatory controls including PCI and SOX.
• Remains current on emerging trends and best practices within the community of information security authorities; researches and leverages standard methodologies from other industry partners.
Experience:
• 6 years industry experience required, including a minimum of 3 years at a Senior-manager level. Desired previous experience working in DevSecOps.
Additional Qualifications
• CISSP Preferred
• SANS (GIAC), CEH, CISSP, PMP, ITIL (Optional but preferred.)
• BA/BS degree or equivalent preferred.