4-8 years of experience in information security with an emphasis on risk assessment and/or risk management
End-to end implementation of ISO 27001 risk management framework
Demonstrated ISO 27001 or other standard audit framework skillset in several information security domains - Mandatory
Experience conducting successful information security risk assessments Mandatory requirement
Experience conducting successful third party information security risk assessments Preferred
Demonstrated understanding & functional knowledge of technical domains of risk assessments to include at a minimum: - Mandatory
Network security
Identity and Access Management (IAM)
Asset security
Operational security
Cloud Security
VM
Experience with GRC tools (e.g. RSA Archer) Preferred
Certifications such as ISO 27001 LA, CISSP and/or CRISC are preferred
Skillset
Proficiency in Microsoft Office suite, including PowerPoint, Excel, Visio, Word
Able to manage multiple projects simultaneously, with strong ability to prioritize multiple tasks and respond to emergencies, organize and schedule work effectively
Bold, decisive manner but not overbearing; capability to interact with many new individuals in different contexts week-to-week
Exceptional communication, collaboration, and advocacy skills, both verbal and written, with the ability to express complex and technical issues as understandable language to all levels of personnel within Sony, and with clients and other stakeholders
Must work well with others in a globally and culturally diverse environment
