Executive Director, Application Security Architect

We are seeking a visionary and hands-on Executive Director of Security Architecture with mature skill in Application Security/DevSecOps, Data Security and Cloud who will excel in leading the strategic design, implementation, and continuous improvement of Sony Pictures application security posture. This is a highly influential role, requiring both deep technical expertise and business-aligned leadership. The ideal candidate will have previous experience in application architecture and engineering and is now focused on information and cybersecurity to define robust security design patterns, reference architecture across applications, data, and cloud environments, proactively addressing cyber risks and promoting secure coding practices aligned with the Sony Pictures goals.

Key Responsibilities

• Strategic Vision: Develop and articulate a comprehensive security architecture strategy for application, data and cloud for Sony Pictures information and content assets. Continuously evaluate emerging threats and industry best practices to evolve our security posture.
  • Define, document, and promote security architecture, DevSecOps, and technical standards throughout Sony Pictures.
  • Lead the development and implementation of comprehensive security architecture strategies for application, data and cloud environments to protect against current and emerging threats.
• Architecture Design and Engineering: Lead hands-on design and implementation reviews of security solutions across application, data and cloud domains. Thoroughly assess security risks in existing and planned systems and infrastructure. Define technical security standards and governance processes.
  • Lead security architecture review processes, ensuring all new systems and changes to existing systems comply with Sony’s security standards.
  • Conduct in-depth assessments of current security architectures, identify threats and vulnerabilities, and develop mitigation strategies.
  • Recommend design patterns and security best practices for technology and application implementations.
• Security Solution Evaluation and Selection: Research, evaluate, and recommend cutting-edge security technologies and tools. Oversee proof-of-concept initiatives and guide vendor selection.
  • Conduct market research to assess the landscape of available security solutions in specific areas (e.g., data security, cloud security, application security).
  • Liaise with IT and security operations teams to define and orchestrate POC testing for shortlisted security solutions.
• Enterprise Security: Work closely with IT infrastructure, application development, DevSecOps, and business stakeholders to embed application security principles throughout all phases of technology development and deployment.
  • Develop and maintain security architecture documentation and standards.
  • Collaborate with IT and business units to integrate security best practices into the development lifecycle of projects and technology initiatives.
• Governance and Compliance Maintain a deep understanding of security regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS, OWASP, SAFECode) for designing systems and processes that not only protect data but also demonstrate adherence to industry standards and regulations.

Required Qualifications

Technical Skills

• Mastery of Security Architecture Principles: Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), AI Security, Product Security, Threat modeling, GPDR and privacy, vulnerability assessment techniques, DevSecOps, Secure Coding Principles and Practices.
• Application Security Expertise: Demonstrated experience with Full Stack WebApp/API, firewalls (WAFs), secure software development lifecycles (S-SDLCs), DevSecOps, IaC, Docker/Container Security, Data Security, static/dynamic application security testing (SAST/DAST), API security, Authentication/Authorization Best Practices, and Secure Coding Standards and Techniques.
• Cloud Security Expertise: Proficient in cloud security models (IaaS, PaaS, SaaS), cloud-native security tools, encryption and key management, privileged access management (PAM), security posture and compliance within cloud environments, mainly AWS and Azure.
• Network Security Expertise: Excellent knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, network access control (NAC), DMZ design, and DDoS mitigation.
• Proficiency in Major Frameworks:  Demonstrated knowledge of NIST Cybersecurity Framework, ISO 27001/27002, PCI DSS (if handling payment card data), OWASP, SAFECode, and other relevant entertainment industry guidelines such as TPN and MotionLabs.
• Translation to Practice: The ability to take concepts from frameworks and benchmarks and apply them practically to the design of security solutions. This includes mapping controls, risk assessment techniques, and documentation in alignment with standards.

Leadership Skills

• Leadership: Strong ability to lead, motivate, and develop a team of security professionals. Foster a collaborative and results-oriented environment.
• Strategic Thinking: Capacity to align security objectives with Sony broader business and Cybersecurity goals, effectively quantifying risks and prioritizing initiatives for optimal impact.
• Communication and Influence: Excellent written and verbal communication skills. The ability to translate technical concepts for non-technical audiences and secure buy-in at the executive level.
• Problem-solving: Analytical mindset with demonstrated adeptness in solving complex security challenges.
• Adaptability: Ability to thrive in a dynamic, fast-paced environment where technologies and threat landscapes rapidly evolve.

Education and Experience

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced technical certifications strongly preferred (CISSP, CCSP, CSSLP, OSCP, or vendor-specific architecture and security certifications).
• Minimum of 10+ years of progressive experience in cybersecurity, application security engineering, with at least 5+ years in a security architecture leadership role with hands-on experience.

Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.

SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law.

To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.