Security Compliance Assessor

2 Months ago • All levels • Cyber Security • $59,280 PA - $62,400 PA

Job Summary

Job Description

The Security Compliance Assessor ensures security and compliance of information systems, data, and operations within Company 3's media and entertainment facilities. Responsibilities include drafting, maintaining, and reviewing GRC policies and procedures; conducting risk assessments and threat modeling; participating in internal and external audits; implementing security controls (access control, IDS/IPS, DLP); developing and delivering security awareness training; and participating in incident response. The role requires a deep understanding of the media and entertainment industry's security challenges and regulatory landscape, including MPA guidelines and the NIST Cybersecurity Framework. The ideal candidate will have experience in developing, implementing, and maintaining GRC frameworks, conducting audits, and producing comprehensive reports with actionable recommendations.
Must have:
  • GRC framework development & implementation
  • Risk assessment & threat modeling
  • Internal & external audit experience
  • Security policy & procedure development
  • NIST Cybersecurity Framework knowledge
  • Incident response participation
  • Security awareness training development
Good to have:
  • CISSP, CISM, CISA certifications
  • Data privacy expertise (GDPR, CCPA)
  • Scripting/automation skills (Python, PowerShell)
  • Cloud security knowledge
  • Experience with industry-specific security tools
Perks:
  • Comprehensive health, retirement, and insurance benefits (for eligible full-time employees)
  • Paid time off

Job Details

Business Unit: Company 3
Position: Security Compliance Assessor
Location: Santa Monica, CA (Remote)
Hours of Operation: 9:00am - 6:00pm EST or PST
*Pay Range: $29.00 - $30.00 USD hourly


POSITION SUMMARY:
Company3/Method Studios (CO3/Method) is a global leader in media and entertainment services for film, video and online content.  With operations in Los Angeles, New York and around the globe, the company employs over 2,500 of the most talented, highly honored, and recognized artists and industry veterans worldwide.   
 

The Security Compliance Assessor is responsible for ensuring the security and compliance of all information systems, data, and operations within the media and entertainment facility. This role will play a critical part in maintaining a secure and reliable environment that aligns with industry best practices, including the Motion Picture Association (MPA) guidelines and the National Institute of Standards and Technology (NIST) Cybersecurity Framework 

MAIN DUTIES:
Governance, Risk & Compliance (GRC):  The Security Compliance Assessor will draft, maintain, and regularly review policies and procedures related to GRC for physical, administrative, and information systems (IS) environments. They will conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities, as well as monitor and analyze security incidents and implement appropriate response and remediation plans. 
Auditing & Compliance: The Security Compliance Assessor will participate in external audits of CO3 facilities and operations conducted by third-party auditors, conduct regular internal audits of studios to assess compliance with CO3 policies and industry standards, and daft comprehensive audit reports that clearly convey findings to systems owners and executives, including recommendations for corrective actions. 
Security Controls: They will establish and maintain internal controls aligned with the NIST Cybersecurity Framework to safeguard sensitive data and systems, and implement and manage security controls, including access control, intrusion detection/prevention systems, and data loss prevention measures. 

The Security Compliance Assessor will also be responsible for the following:
Security Awareness & Training:  
  • Develop and deliver comprehensive security awareness training programs for all employees, covering topics such as phishing, social engineering, and best practices for data handling and protection. 
  • Track employee training completion and maintain records of training activities. 
Incident Response:  
  • Participate in cybersecurity simulation events and tabletop exercises to test and refine incident response plans. 
  • Assist in the investigation and resolution of security incidents, including data breaches and cyberattacks.  
Stay Informed:  
  • Stay abreast of the latest security threats, vulnerabilities, and best practices in the media and entertainment industry. 
  • Maintain knowledge of relevant industry standards and regulations, including those related to data privacy (e.g., GDPR, CCPA). 

WHAT YOU BRING:
The ideal candidate will be experienced in the information systems or computer science field, and must have solid experience in developing, implementing, and maintaining GRC frameworks. This includes risk assessments, threat modeling, and policy/procedure development. They must be able to demonstrate a deep understanding of the unique security challenges and regulatory landscape within the media and entertainment sector and be experienced with conducting both internal and external audits, analyzing findings, and producing clear, concise reports with actionable recommendations. Additional desired skills include:
  • NIST Cybersecurity Framework Knowledge: Demonstrated understanding and ability to apply the NIST Cybersecurity Framework within a real-world setting. 
  • Communication & Collaboration: Excellent written and verbal communication skills are essential for interacting with various stakeholders (executives, technical teams, auditors). Must be comfortable speaking to large, diverse groups. Ability to convey complex information clearly and concisely. Ability to communicate with users of varying technical knowledge. 
  • Project Management: Ability to manage multiple projects simultaneously, prioritize tasks effectively, and meet deadlines. 
  • Adaptability: Ability to work under pressure in a dynamic environment. 
The following skills are considered an asset:
  • Incident Response Experience: Prior experience in incident response activities, including investigations, containment, and remediation. 
  • Data Privacy Expertise: Familiarity with relevant data privacy regulations (GDPR, CCPA, etc.) and how they impact the media and entertainment industry. 
  • Technical Certifications: Relevant security certifications (e.g., CISSP, CISM, CISA) are a plus. 
  • Scripting/Automation: Basic scripting skills (e.g., Python, PowerShell) can be beneficial for automating tasks and improving efficiency. 
  • Cloud Security Knowledge: Familiarity with cloud security concepts and best practices, particularly relevant to cloud-based media and entertainment services. 
  • Experience with industry-specific tools: Familiarity with tools commonly used in the media and entertainment industry for security monitoring, threat intelligence, or compliance management. 
  • Technical Proficiency: Familiarity with common security controls (access control, IDS/IPS, DLP), and an understanding of how these technologies work within the context f a media & entertainment organization. 
  • Technical Understanding: Understanding and experience with endpoint, application, and network security, identity and access management, incident response, and vulnerability management. 
  • Networking Expertise: Demonstrated knowledge of networking best-practices and security protocols. 

ABOUT THE COMPANY:
Company 3, including its various business units and family of brands, provides a full range of Creative Services for content creators, including conceptual design, pre-vis, look development, ideation and rapid prototyping, 3D animation/CGI, motion graphics/designers, matte painting, compositing, dailies and production services, color grading, post-production finishing, marketing/trailers, live-action production, experiences, and more.

Diversity and Inclusion at Company 3:

Creativity has diversity at its core. We celebrate the value of each unique experience by being dedicated to fostering the most diverse, equitable, and inclusive culture where every employee feels empowered and safe to show up to work as their full self.

It is our policy to provide equal employment opportunities to all applicants and employees. Please inform the Company's HR representative if you need assistance completing any forms or otherwise need any accommodation or support in order to participate in the application process.

*The listed pay range represents the lowest to highest range that we in good faith believe we would pay for this role at the time of this posting. This range may be modified in the future. An employee’s pay position within the range may be based on several factors including, but limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, local currency exchange rates, performance, shift, travel requirements, sales or revenue-based metrics, applicable law, and business or organizational needs. 

The benefits for eligible part-time employees working 25 or more hours per week and full-time employees in the US include a comprehensive package of health, retirement, and insurance benefits and paid time off. The benefits for eligible project hires and part-time employees working less than 25 hours per week in the US include retirement, select insurance benefits, and where required by law, health benefits. For roles filled in Canada and other territories, local benefits plan offerings as adopted and amended from time to time will apply.

The above compensation and benefits information is provided in accordance with various state, provincial, and local pay transparency laws.

This position is for an existing vacancy. Both external and internal candidates can apply for this role through the Company’s Career Page. The Company generally only contacts those individuals who have submitted an application which it wishes to interview. The application window for this position is expected to close by May 15, 2025.

Similar Jobs

The Walt Disney Company - Sr. Marketing Data Scientist

The Walt Disney Company

Burbank, California, United States (On-Site)
1 Month ago
Canva - Backend Software Engineer - Gen AI, Design Generation Experience

Canva

Melbourne, Victoria, Australia (Remote)
4 Weeks ago
Socialpoint - Senior UX/UI Designer

Socialpoint

Barcelona, Catalonia, Spain (Hybrid)
1 Month ago
Acceldata - Staff Product Designer

Acceldata

Bengaluru, Karnataka, India (On-Site)
4 Months ago
Ubisoft - Technical Cinematic Designer

Ubisoft

Bordeaux, Nouvelle-Aquitaine, France (On-Site)
2 Months ago
Google - Senior Validation Security Consultant

Google

Reston, Virginia, United States (On-Site)
1 Week ago
PwC - Cybersecurity Threat & Vulnerability | Manager | Cyber Security | Technology Consulting

PwC

Dublin, County Dublin, Ireland (On-Site)
6 Months ago
Google - Senior Validation Security Consultant

Google

Reston, Virginia, United States (On-Site)
2 Days ago
ION - Junior Cyber Security Analyst

ION

Pisa, Tuscany, Italy (Hybrid)
6 Months ago
The Walt Disney Company - Staff Content Security Engineer

The Walt Disney Company

Glendale, California, United States (On-Site)
3 Days ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Metacore - UI Artist

Metacore

Helsinki, Uusimaa, Finland (Hybrid)
23 Hours ago
Instawork - Lead Product Designer

Instawork

Bengaluru, Karnataka, India (Hybrid)
22 Hours ago
Nagarro - SAP PSM (Senior) Consultant

Nagarro

Germany (Remote)
2 Months ago
WongDoody - (CX) Customer Experience Consultant

WongDoody

Melbourne, Victoria, Australia (On-Site)
22 Hours ago
Velan Studios - Environment Artist

Velan Studios

Ontario, Canada (On-Site)
1 Month ago
Temporal Technologies - Senior Solutions Architect - Growth

Temporal Technologies

Chicago, Illinois, United States (On-Site)
6 Hours ago
PlayStation Global - Senior Designer (Environments)

PlayStation Global

Guildford, England, United Kingdom (Hybrid)
1 Month ago
Peak - Game UI Artist

Peak

(On-Site)
2 Weeks ago
Nexon America - Motion Graphics Designer

Nexon America

El Segundo, California, United States (Hybrid)
1 Day ago
Bohemia Interactive - Technical Designer (Ylands EDU)

Bohemia Interactive

Prague, Prague, Czechia (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in United States

The Walt Disney Company - Park Decorator

The Walt Disney Company

Anaheim, California, United States (On-Site)
3 Days ago
Activate Games - Game Facilitator (Store Associate)

Activate Games

Arizona, United States (On-Site)
6 Days ago
NVIDIA - Senior Methodology Software Engineer

NVIDIA

Santa Clara, California, United States (On-Site)
2 Weeks ago
Google - Program Manager II, Supply Chain Planning, Platforms and Devices

Google

Mountain View, California, United States (On-Site)
2 Days ago
Google - Quant UX Research Lead, ChromeOS

Google

San Jose, California, United States (On-Site)
2 Weeks ago
Netflix - Director - Ads Data Engineering

Netflix

United States (Remote)
2 Weeks ago
Bright Machines - Perception Research Engineer

Bright Machines

San Francisco, California, United States (On-Site)
6 Months ago
Dave Ramsey - UX/UI Content Writer

Dave Ramsey

Franklin, Tennessee, United States (On-Site)
3 Weeks ago
Riot Games - Staff Software Engineer, Rendering - League of Legends

Riot Games

Los Angeles, California, United States (On-Site)
1 Month ago
Cadence - Lead Product Engineer

Cadence

San Jose, California, United States (On-Site)
3 Hours ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

PwC - Cyber Security Architect

PwC

Amsterdam, North Holland, Netherlands (On-Site)
3 Months ago
PwC - FY25 - Talent Pool - Consulting - Associate

PwC

Jakarta, Jakarta, Indonesia (On-Site)
7 Months ago
The Walt Disney Company - Security Specialist, Compliance

The Walt Disney Company

Burbank, California, United States (On-Site)
2 Weeks ago
ION - Network Security Engineer

ION

Rome, Lazio, Italy (Hybrid)
6 Months ago
Google - Software Engineer III, AI Agent Security, Core

Google

Zürich, Zurich, Switzerland (On-Site)
2 Weeks ago
PwC - ETIC, SAP Security Associate - Cyber Security

PwC

Cairo, Cairo Governorate, Egypt (On-Site)
6 Months ago
Epic Games - Senior Security Engineer - Asset Integrity

Epic Games

Porto Alegre, State Of Rio Grande Do Sul, Brazil (On-Site)
1 Month ago
PINKERTON | Comprehensive Risk Management - Regional Security Lead

PINKERTON | Comprehensive Risk Management

Maharashtra, India (On-Site)
5 Months ago
ByteDance - Physical Security Trainee-2025 Start

ByteDance

Singapore (On-Site)
6 Months ago
PwC - IN-Associate _Business Analyst _Citizen Services _Advisory _Chennai

PwC

Chennai, Tamil Nadu, India (On-Site)
6 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Company 3 is a comprehensive postproduction facility for features, episodic, commercials, and music videos. Known for its creative color artistry, pioneering technology, and global reach, Company 3 is trusted to deliver a quality product every time. It is home to one of the largest and most talented pools of colorists and visual effects artists working in post-production today with a client list that includes many of the most respected and talented film and entertainment professionals in the industry.


Company 3 offers solutions-based services ranging from color correction, Digital Intermediate (DI), and file-based workflows to visual effects and online services. Through its virtual outposts, Company 3 Colorists are available to clients around the world.

Ontario, Canada (On-Site)

Santa Monica, California, United States (On-Site)

New York, New York, United States (On-Site)

Maharashtra, India (On-Site)

Los Angeles, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

Santa Monica, California, United States (Hybrid)

Santa Monica, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

New York, New York, United States (On-Site)

View All Jobs

Get notified when new jobs are added by Company3 Method Studios

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug