Intern - Information Security Analyst

This is a Part Time Unpaid Internship

Internship - Information Security Analyst

Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system you must have the appropriate immigration permission needed to work and reside in the United Kingdom.

Hi, we're Sony Pictures Entertainment!

We are in the business of creativity… making some of the most beloved film and television of all time for every platform in the world. As the most creative and proudly independent studio, our future is boundless.

Sony Pictures Entertainment is a division of Sony Corporation, a creative entertainment company built on a foundation of technology. Along with our sister companies, we make movies, television, music and games that engage billions of people, connecting creators and audiences around the globe. We are looking for innovators to join us as we forge the future of entertainment!

We are excited to be reintroducing our internship program back to our London office, with placements starting in July 2023 and ending in July 2024. This 12 month program is a fantastic opportunity for anyone in the very early stages of their career to join one of the leading companies in Film and TV. Although each role is different and part of a different department, all our internships will give you an in-depth understanding of the industry and department and will play a major part in helping to carve out your future career.

Before applying for this role please ensure you attach both a CV and cover letter to explain why you feel this particular internship is of interest to you and why you feel you would be a good fit.

Only applications that attach both documents will be considered. Applications close by Monday 13th February 2023.

Internship and Department overview:

This internship will be placed as an Information Security Analyst in the EMEA Information Security team and will provide input and support for the development and delivery of the Global Information Security Program to all SPE office's, subsidiaries and TV productions in EMEA, including but not limited to the following functional areas;
• Information Governance
• Data Privacy
• Information Security Management System (ISMS)
• Security Operations (Incident Response, Cyber Threat Intelligence)
• Mergers and Acquisitions
• Training and Awareness
• Risk Management
• Content Security

What you will do:
• Support the implementation of SPE and Sony Group Policies and standards within EMEA based production companies.
• Support security reviews of production and post-production workflows.
• Support the development of technical security documentation for non SPE content handling systems, including hardening and configuration guidelines for secure implementation.
• Work with key business stakeholders and the Content Security team to provide advice and guidance to all EMEA productions to reduce risk and safeguard SPE IP.
• Support detailed design reviews of proposed systems and solutions, identifying threats and vulnerabilities, and providing recommendations to reduce risk.
• Support the incident response team to manage the investigation of content leaks, identify root cause and remediation steps to prevent reoccurrence.
• Support end-to-end information security risk assessments to identify, assess, and measure information security risks for systems, applications, facilities, technical environments, networks, projects, workflows, and third parties impacting IT and business initiatives within region across Sony Pictures and SPE subsidiaries.
• Support the delivery of training and awareness campaigns and initiatives.
• Deliver accurate reports to assess, document, and communicate results of evaluations and assessment.
• Collect and distribute metrics measuring effectiveness of current security posture and performance.
• Evaluate and test business processes and controls to identify and report areas of risk and to stakeholders.
• Engage with business stakeholders to understand business practices, gathering and facilitating the convergence of business, technical and security requirements.

What you will Learn:
• Learn to relate business needs to security controls; understanding the business impact of security tools, technologies, and policies and how best to mitigate them.
• Gain a thorough understanding of ISO 27001, Lead implementor and Lead Auditor certifications.
• Practical experience implementing and auditing an information security management system.
• Incident Response procedures
• Develop interpersonal communication skills with the ability to communicate effectively with IT, project and development teams, management and business stakeholders.
• Practised proficiency in performing risk, business impact, control, and vulnerability assessments.
• Analysing and making recommendations for existing procedures to increase efficiency and effectiveness
• Develop strong organisational, project management and multi-tasking skills.
• Ability to simplify complex problems with the ability to prioritise tasks based on business impact
• Work effectively in a multicultural, multinational environment consisting of multi-functional, high-performance teams.
• Coaching and mentoring from highly experienced experts throughout the organisation

What you need:

Ideally you will be graduating from a Bachelor's Degree or Masters Degree in a relevant field and can demonstrate the following;
• Understanding of Information risk concepts and principles
• Understanding of Information Security Frameworks such as NIST and ISO 27001
• Knowledge of Network architecture (routers, switches, and load balancers).
• Knowledge of Security technologies (firewalls, IDS/IPS/UTM, advanced endpoint security, AV, FIM).
• Knowledge of Operating systems (Windows, OS X, Linux, and UNIX).
• Knowledge of Application Security, Vulnerability Scanners and Penetration Testing.
• Knowledge of Cloud computing platforms (PaaS, IaaS, SaaS)
• Asks the right questions in order to analyse and simplify complex problems
• Curious to learn and happy to take on new challenges
• Good analytical, research, and problem-solving skills with keen attention to detail
• Ability to communicate clearly and concisely with technical and non-technical teams across multiple businesses; written, verbal, presentation, and interpersonal skills.
• Ability to work on multiple projects, with the ability to adapt to dynamic work environments and prioritise tasks accordingly
• Ability to make decisions, use discretion, and display sound judgement
• Highly self-motivated and able to work both independently and as part of a multi-disciplined team

If you feel you meet the above desired skills and qualifications and are looking to kick start your career in Information Security, we would love to hear from you!

If you require any reasonable adjustments with any part of the recruitment process, including the application or interview process, please contact us at uk_-_peopleandorganisation@spe.sony.com. Please put Reasonable Adjustment Request in the subject line of the email.

Sony Pictures Entertainment is committed to equal opportunity in all its employment practices, policies and procedures. No worker or potential worker will therefore receive less favourable treatment due to their race, age, creed, sexual orientation, colour, nationality, ethnic origin, disability, religion, gender, marital status or Trade Union membership (if applicable).

* Sony Pictures - GBR - London