Senior Director, Security Risk Management
Job Title:Senior Director, Security Risk Management
Activision Blizzard plays a centralized role in the creation of epic entertainment by supporting our interactive gaming brands and studios with a diverse range of career opportunities across corporate functions such as Marketing, Communications, Legal, Human Resources, Finance and Supply Chain. Located in our global headquarters in Santa Monica, we encompass equal parts agility and creativity to improve the employee and player experience. To learn more, check us out at www.activisionblizzard.com or on Twitter at @ATVI_AB
Senior Director, Security Risk Management
ABK is looking for a senior technical leader in security to help reduce the risk across the organization. The ideal candidate will be able to articulate risk to business leaders, with meaningful metrics, and advocate security throughout ABK. The leader will be able to take a risk-based approach in ensuring that risk in the asset environment is reduced with appropriate controls.
- You are proactive in removing roadblocks, pave the way for innovation, and can handle multiple competing priorities in a fast-paced environment
- You will work with business partners and engage leadership enterprise wide to create strong relationships and enhance internal processes and champion continuous improvement in risk management.
- Review internal tools/processes and assist in identifying potential opportunities for improvement and automation.
- You will identify deficiencies in the environment and offer solutions.
- You will provide metrics at the Information Security, Business Unity and Executive Leadership levels.
- You will support development of materials for, and participate in, the Enterprise Leadership Team, Audit Committee, Policy Review Board and Standard Review Board
- You will evangelize security throughout the organization.
- Leads and supports the risk professionals, establishing team and individual goals that support overall objectives. Coaches, mentors, and provides career development guidance. Establishes daily operations, regular communications, and resource planning, providing guidance, relaying expectations and leading team initiatives and activities. Recruits, screens, hires, trains and directly supervises all assigned subordinate staff. Evaluates employee performance. Counsels, disciplines and/or terminates employees, as required.
- Develops a strategy and leads a team for continuous vulnerability lifecycle management within ABK, detecting, monitoring, reporting, assessing impact on vulnerability-related data from internal/external sources. Develops and drives remediation strategies to address vulnerabilities and reduce attack surface. Assists with strategic planning, driving improvements and providing input on capabilities and methods for vulnerability management and security testing. Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.
- Develops and maintains strong partnerships to drive end-to-end control risk identification, treatment, and / or remediation, ensure consistent customer experience, broaden awareness, and use of services, and educate users on security best practices integrated in key areas. Partners with IT teams to assess potential negative impacts of remediation and apply compensating/mitigating controls.
- Provides communications across the organization, interfacing with senior leadership, driving security hardening best practices, and representing the vulnerability management team with customers and partners.
- Where the ability to remediate is not the right solution, partner with the stakeholder to either put sufficient controls in place to protect ABK or process exceptions.
- Drives requirements definition, evaluation, recommendation, implementation, and troubleshooting of vulnerability management tools. Develops security testing capabilities and directs ongoing vulnerability assessments. Assesses current and emerging threats, cyberattacks, and zero-day vulnerabilities that pose risks to ABK. Notifies partners on threats and vulnerabilities to reduce the attack surface.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technological environments which may affect operations. Ensures senior management and staff are informed of any changes in a timely manner.
- Promotes an environment that fosters inclusive relationships and creates unbiased opportunities for contributions through ideas, words, and actions that uphold principles of the ABK Code of Ethics. Recommends departmental goals and objectives (e.g., workforce planning, compensation). Reassesses or redefines priorities as appropriate, in order to achieve performance objectives.
- Bachelor's degree or combined experience/education as substitute for minimum education
- 15 years’ of directly related experience in information security management and knowledge of internet security and networking protocols, which includes
- 7-10 years’ experience leading a vulnerability management program, with the ability to prioritize projects and deliverables. Demonstrated understanding of vulnerability management and security testing practices and methodologies. Experience building infrastructure and application vulnerability management programs. Experience in Security Engineering and Architecture.
- Thorough knowledge of cloud computing and security issues related to cloud environments.
- Ability to evaluate business risks and recommend appropriate information security measures. Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10).
- Experience in configuration management of vulnerability assessment tools and static/dynamic application security testing. Understanding of system, application, and database-hardening techniques and practices.
- A deep understanding of NISTCSF, Risk Assessments, FAIR Risk Methodology, Audit Support, Executive Communications and Reporting, Risk Tracking / Exceptions Management and Issues Management.
- Ability to quickly adapt as the external environment and organization evolves.
- Ability to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers. Project management experience. Excellent written and oral communication skills.
- Advanced degree in a related field.
- 10+ or more years of related experience.
- Experienced in presenting to large groups with confidence and polished presentation skills.
- Working toward or has CISSP, CISSP-ISSMP, CISM, and/or CRISC certifications.
We love hearing from anyone who is enthusiastic about changing the games industry. Not sure you meet all qualifications? Let us decide! Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when, in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.
We are committed to working with and providing reasonable assistance to individuals with physical and mental disabilities. If you are a disabled individual requiring an accommodation to apply for an open position, please email your request to email@example.com General employment questions cannot be accepted or processed here. Thank you for your interest.
Activision Blizzard, Inc. (NASDAQ: ATVI), is one of the world's largest and most successful interactive entertainment companies and is at the intersection of media, technology and entertainment. We are home to some of the most beloved entertainment franchises including Call of Duty®, World of Warcraft®, Overwatch®, Diablo®, Candy Crush™ and Bubble Witch™. Our combined entertainment network delights hundreds of millions of monthly active users in 196 countries, making us the largest gaming network on the planet!
Our ability to build immersive and innovate worlds is only enhanced by diverse teams working in an inclusive environment. We aspire to have a culture where everyone can thrive in order to connect and engage the world through epic entertainment. We provide a suite of benefits that promote physical, emotional and financial well-being for ‘Every World’ - we’ve got our employees covered!
The videogame industry and therefore our business is fast-paced and will continue to evolve. As such, the duties and responsibilities of this role may be changed as directed by the Company at any time to promote and support our business and relationships with industry partners.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status, among other characteristics.