Executive Director, Application Security Architect

2 Months ago • 10 Years + • $205,000 PA - $258,000 PA
System Design

Job Description

We are looking for a visionary Executive Director of Security Architecture with expertise in Application Security/DevSecOps, Data Security, and Cloud. This role involves leading the strategic design, implementation, and continuous improvement of Sony Pictures' application security posture. The ideal candidate will have prior experience in application architecture and engineering, with a focus on information and cybersecurity. Responsibilities include defining robust security design patterns, reference architecture across applications, data, and cloud environments, proactively addressing cyber risks, promoting secure coding practices, and leading security architecture review processes. The role requires assessing security risks, developing mitigation strategies, recommending design patterns, and evaluating security technologies.
Good To Have:
  • AI Security, Product Security, Threat modeling
  • GPDR and privacy knowledge
  • DevSecOps, Secure Coding Principles
  • Full Stack WebApp/API security
  • SAST/DAST, API security, Authentication/Authorization Best Practices
  • Cloud security models (IaaS, PaaS, SaaS)
  • AWS and Azure security
  • IDS/IPS, network segmentation, VPNs
  • OWASP, SAFECode, TPN, MotionLabs
Must Have:
  • Mastery of Security Architecture Principles
  • Deep understanding of defense-in-depth strategies
  • Expertise in Application Security
  • Proficiency in Cloud Security
  • Excellent Network Security knowledge
  • Proficiency in Major Frameworks (NIST, ISO 27001)
  • Strong leadership and strategic thinking skills
  • Excellent communication and problem-solving abilities

Add these skills to join the top 1% applicants for this job

saas-business-models
team-management
communication
excel
risk-management
risk-assessment
design-patterns
game-texts
market-research
security-testing
aws
azure
cloud-security
docker

We are seeking a visionary and hands-on Executive Director of Security Architecture with mature skill in Application Security/DevSecOps, Data Security and Cloud who will excel in leading the strategic design, implementation, and continuous improvement of Sony Pictures application security posture. This is a highly influential role, requiring both deep technical expertise and business-aligned leadership. The ideal candidate will have previous experience in application architecture and engineering and is now focused on information and cybersecurity to define robust security design patterns, reference architecture across applications, data, and cloud environments, proactively addressing cyber risks and promoting secure coding practices aligned with the Sony Pictures goals.

Key Responsibilities

  • Strategic Vision: Develop and articulate a comprehensive security architecture strategy for application, data and cloud for Sony Pictures information and content assets. Continuously evaluate emerging threats and industry best practices to evolve our security posture.
    • Define, document, and promote security architecture, DevSecOps, and technical standards throughout Sony Pictures.
    • Lead the development and implementation of comprehensive security architecture strategies for application, data and cloud environments to protect against current and emerging threats.
  • Architecture Design and Engineering: Lead hands-on design and implementation reviews of security solutions across application, data and cloud domains. Thoroughly assess security risks in existing and planned systems and infrastructure. Define technical security standards and governance processes.
    • Lead security architecture review processes, ensuring all new systems and changes to existing systems comply with Sony’s security standards.
    • Conduct in-depth assessments of current security architectures, identify threats and vulnerabilities, and develop mitigation strategies.
    • Recommend design patterns and security best practices for technology and application implementations.
  • Security Solution Evaluation and Selection: Research, evaluate, and recommend cutting-edge security technologies and tools. Oversee proof-of-concept initiatives and guide vendor selection.
    • Conduct market research to assess the landscape of available security solutions in specific areas (e.g., data security, cloud security, application security).
    • Liaise with IT and security operations teams to define and orchestrate POC testing for shortlisted security solutions.
  • Enterprise Security: Work closely with IT infrastructure, application development, DevSecOps, and business stakeholders to embed application security principles throughout all phases of technology development and deployment.
    • Develop and maintain security architecture documentation and standards.
    • Collaborate with IT and business units to integrate security best practices into the development lifecycle of projects and technology initiatives.
  • Governance and Compliance Maintain a deep understanding of security regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS, OWASP, SAFECode) for designing systems and processes that not only protect data but also demonstrate adherence to industry standards and regulations.

Required Qualifications

Technical Skills

  • Mastery of Security Architecture Principles: Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), AI Security, Product Security, Threat modeling, GPDR and privacy, vulnerability assessment techniques, DevSecOps, Secure Coding Principles and Practices.
  • Application Security Expertise: Demonstrated experience with Full Stack WebApp/API, firewalls (WAFs), secure software development lifecycles (S-SDLCs), DevSecOps, IaC, Docker/Container Security, Data Security, static/dynamic application security testing (SAST/DAST), API security, Authentication/Authorization Best Practices, and Secure Coding Standards and Techniques.
  • Cloud Security Expertise: Proficient in cloud security models (IaaS, PaaS, SaaS), cloud-native security tools, encryption and key management, privileged access management (PAM), security posture and compliance within cloud environments, mainly AWS and Azure.
  • Network Security Expertise: Excellent knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, network access control (NAC), DMZ design, and DDoS mitigation.
  • Proficiency in Major Frameworks:  Demonstrated knowledge of NIST Cybersecurity Framework, ISO 27001/27002, PCI DSS (if handling payment card data), OWASP, SAFECode, and other relevant entertainment industry guidelines such as TPN and MotionLabs.
  • Translation to Practice: The ability to take concepts from frameworks and benchmarks and apply them practically to the design of security solutions. This includes mapping controls, risk assessment techniques, and documentation in alignment with standards.

Leadership Skills

  • Leadership: Strong ability to lead, motivate, and develop a team of security professionals. Foster a collaborative and results-oriented environment.
  • Strategic Thinking: Capacity to align security objectives with Sony broader business and Cybersecurity goals, effectively quantifying risks and prioritizing initiatives for optimal impact.
  • Communication and Influence: Excellent written and verbal communication skills. The ability to translate technical concepts for non-technical audiences and secure buy-in at the executive level.
  • Problem-solving: Analytical mindset with demonstrated adeptness in solving complex security challenges.
  • Adaptability: Ability to thrive in a dynamic, fast-paced environment where technologies and threat landscapes rapidly evolve.

Education and Experience

  • Bachelor's degree in Computer Science, Information Security, or a related field. Advanced technical certifications strongly preferred (CISSP, CCSP, CSSLP, OSCP, or vendor-specific architecture and security certifications).
  • Minimum of 10+ years of progressive experience in cybersecurity, application security engineering, with at least 5+ years in a security architecture leadership role with hands-on experience.

The anticipated base salary for this position is $205,000-$258,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.

Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.

SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law.

To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

Set alerts for more jobs like Executive Director, Application Security Architect
Set alerts for new jobs by Sony Pictures Entertainment
Set alerts for new System Design jobs in United States
Set alerts for new jobs in United States
Set alerts for System Design (Remote) jobs

Contact Us
hello@outscal.com
Made in INDIA 💛💙