• Senior Technical Manager, Information Security

    Brand
    Pluto TV
    Job Locations
    US-CA-WEST HOLLYWOOD
    iCIMS ID
    2019-13070
  • Overview and Responsibilities

    Who We Are

    Pluto TV, a Viacom company, is the leading free streaming television service in America, delivering 100+ live and original channels and thousands of on-demand movies in partnership with major TV networks, movie studios, publishers, and digital media companies. Pluto TV is available on all mobile, web and connected TV streaming devices and millions of viewers tune in each month to watch premium news, TV shows, movies, sports, lifestyle, and trending digital series. Headquartered in West Hollywood, Pluto TV has offices in New York, Silicon Valley, Chicago and Berlin.

    About Viacom

    Viacom creates entertainment experiences that drive conversation and culture around the world. Through television, film, digital media, live events, merchandise and solutions, our brands connect with diverse, young and the young at heart audiences in more than 180 countries.

    For more information on Viacom and its businesses, visit www.viacom.com. Keep up with Viacom news by following us on Twitter (twitter.com/viacom), Facebook (facebook.com/viacom) and LinkedIn (linkedin.com/company/viacom).

    Overview

    The Senior Technical Manager’s primary job responsibility is to reduce risk to Viacom Information and Information Systems through the understanding and use of various data security technologies, applications, methodologies and industry standards. The Senior Technical Manager will be a Technology professional able to provide advanced expertise in Information Security Technologies and risk reduction strategies. In addition to daily operational responsibilities, this role will be responsible for the innovation and execution of people/process and technology improvements within Information Security as well as the broader MTS group. This role includes a focus on DevSecOps and requires daily interaction with DevOps to enforce Secure SDLC requirements.

    Responsibilities

    • Coordinates with DevOps to verify compliance with Secure SDLC process and monitors secure code enforcement and remediation efforts.
    • Works independently applying in-depth knowledge of multiple Information Security technologies (Cloud Access Security Brokers (CASB)/Database Security (DAM)/Data Breach Solutions (DBS)/Data Leakage Prevention (DLP)/Data Security and File Encryption platforms/DDOS Protection Platforms/ Dynamic Web and Static Code Testing Solutions/Email Security Platforms/Endpoint Protection and Response solutions/Firewalls/Identity and Access Management Platforms (IAM)/IPS solutions/Network Behavioral Analysis (NBA)/Privileged Access Management (PAM)/Security Information Management Solutions (SIM)/Threat Management Platforms (TMP)/Vulnerability Management platforms/Web Application Firewalls (WAF)/Web Security URL Filtering, etc.) as appropriate.
    • Performs sophisticated analysis of Information Security related logs and log data to surface potential Information Security risk and concerns for resolution.
    • Actively makes risk reducing recommendations to appropriate business units regarding the development of new or existing services.
    • Participates in Incident Response training initiatives and when required ensures active participation in the incident response lifecycle governed by the Technical CIRT Policy.
    • Frequently reviews any tickets in any service ticketing queues related to the group handled to ensure accurate ticket closure.
    • Effectively lead a team of employees and/or consultants to deliver efficiently on projects and maintain positive team dynamics and communications.

    Basic Qualifications

    • 6+ years industry experience required, including a minimum of 3 years at a Senior level. Desired previous experience working in DevSecOps.
    • Knowledge of Secure Coding standard methodologies as defined by OWASP.
    • Experience with Static Code Analysis tools such as Checkmarx or HP Fortify.
    • Previous experience working in DevSecOps, including knowledge and experience enforcing a Secure Software Development Lifecycle.
    • Goal driven individual with good technical, interpersonal, communication and organizational skills.
    • Makes a dedication to helping build a “transparent culture of service” which fosters an open, honest, candid workplace within the teams handled.
    • Embraces and fosters “innovation” by working on new things in new ways every day.
    • Develop a global perspective with consideration for local business needs.
    • Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles.
    • Resource management skills, capable of leading contract employees.
    • Acts responsibly with sensitive and confidential information.
    • Is creative and inventive as a problem solver.
    • Consistently demonstrates the drive to deliver projects successfully even under difficult timelines.
    • Have strong logical, analytical, methodical, investigative, and auditing skills.
    • Knows when to make practical rational decisions that reduce risk to Viacom information and Information systems.
    • Excellent verbal and written communication.
    • Travel domestically and internationally if required and with short notice.
    • Must be reliable and available 24/7 if required.

    Additional Qualifications

    • Demonstrated experience in handling cybersecurity incidents through the incident response lifecycle.
    • Demonstrated experience with the following security areas: GRC, SIEM, Vulnerability. management, identify and access management, firewalls, DLP, forensics, malware analysis and incident response.
    • Layer 2, 3 and 4 infrastructure designs and functionality.
    • Windows, Linux, and Cisco Networking Device hardening best practices.
    • The latest hacking techniques and appropriate countermeasures.
    • Firewalls, rule base analysis, stateful inspection, encryption and associated algorithms.
    • Common threat analysis methodologies such as SANS and OWASP.
    • Knowledge of Common Cybersecurity Frameworks (NIST, ISO, COBIT, and SSAE-16).
    • Identity and Access Management methodologies.
    • Authentication Platforms, which includes but is not limited to LDAP and Active Directory.
    • Federated Authentication Platforms and associated protocols.
    • Proficient knowledge of regulatory controls including PCI and SOX.
    • Remains current on emerging trends and best practices within the community of information security authorities; researches and leverages standard methodologies from other industry partners.
    • CISSP Preferred
    • SANS (GIAC), CEH, CISSP, PMP, ITIL (Optional but preferred.)
    • BA/BS degree or equivalent preferred.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed