Cloud Security Engineer

CISSP, ISMS Governance, NIST
Full Time
Work from home not available Travel not required

Job Description

Information Security Program Manager - Full Time NYC


  • Develop and enhance the SCA Information Security Management System (ISMS) at SCA, which includes security management for SCA’s corporate functions as well as certain SCA subsidiary companies.
  • Manage the Information Security Analyst with a focus on operationalizing the ISMS/security program for the SCA scope
  • Foster close working relationships with key stakeholders across the SCA scope to enable support for security initiatives
  • Build and maintain inventories of information assets, including information systems and 3rd party vendors
  • Conduct information security assessments and develop and execute risk mitigation plans
  • Provide guidance to stakeholders with regards to security controls and best practices
  • Facilitate the exception management process; this includes tracking exceptions and evaluating associated risks by working with other information security staff and coordinating with the risk owner
  • Validate, triage, and respond to incidents identified by all sources including the Sony Global Security Incident Response Team (GSIRT)
  • Deploy and track information security training and awareness activities, including baseline training, phishing awareness campaigns and other supplementary training and awareness efforts
  • Gather and report on program metrics with regards to compliance, vulnerability, risk and incident management
  • Assist with the preparation of materials for quarterly Information Security & Privacy Management Committee Meetings with senior executives and stakeholders
  • Perform other duties as assigned


  • Requires a Bachelor’s degree in a related field (such as information technology or management) or equivalent in education and experience
  • Minimum of 5 years of related work experience in information security; must have 2 to 3 years of experience managing direct reports
  • Functional knowledge of all information security domains, information security industry standard, and best practices
  • Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST), information security roles, security controls
  • Demonstrated experience leading and executing security assessments and reviews
  • Strong attention to detail, project management, communication and organizational skills
  • CISSP, CISM or related SANS certifications are desired but not required
  • Experience collaborating and communicating effectively and tactfully with both business-oriented executives and technology-oriented colleagues
  • Willingness to work independently and proactively in unstructured environment
  • Experience managing multiple projects simultaneously that involve key stakeholders across a global and complex organization
  • All candidates must be authorized to work in the USA

William Barry, 212-629-4660


Posted By

William Barry

250 Pelhe Ave, Suite 211 Park 80 West Plaza Saddle Brook, NJ, 07663

Dice Id : datacny
Position Id : 650265
Have a Job? Post it