Security Risk and Compliance Lead

At Rockstar Games, we create world-class entertainment experiences. 

Become part of a team working on some of the most rewarding, large-scale creative projects to be found in any entertainment medium - all within an inclusive, highly-motivated environment where you can learn and collaborate with some of the most talented people in the industry.

Rockstar is on the lookout for a talented Security Risk & Compliance Lead to help assess and manage information security risks, and support risk treatment efforts to safeguard employees, information systems, and intellectual property. Leveraging your cross-domain cybersecurity expertise, you will support the identification, tracking, and reporting of risks and remediation efforts, including those related to third parties, to ensure alignment with organizational and industry standards. This is a full-time permanent position based out of Rockstar’s unique game development studio in the heart of New York City.

This is a full-time, in-office position based out of Rockstar’s NYC headquarters in Downtown Manhattan. 

WHAT WE DO

• The Rockstar Security team is responsible for advancing the state of information security across the company globally by prioritizing and executing security initiatives that drive down risk.
• We strive to understand the threat landscape affecting our development studios, the gaming industry, and the world at large to define information security policies, standards, and procedures to safeguard our business and protect our players.
• We lead efforts to build enterprise security controls ranging from endpoint protection technologies to security incident and event monitoring solutions
• We have a passion for identifying threats and vulnerabilities, and coming up with clever solutions to mitigate or remediate those risks. 

RESPONSIBILITIES

• In coordination with relevant stakeholders, perform risk and compliance assessments to identify security risks, control gaps, opportunities for improvement, and compliance with policies and standards.
• Enhance and maintain information security risk registers, control matrices, and exception process / logs. Triage and assess information security risks (e.g., for impact and likelihood) to determine applicability and severity, in support of prioritization and decision-making.  
• Collaborate with risk and remediation owners to ensure that mitigation plans are developed, tracked, implemented, and control improvements are validated for effectiveness.   
• Develop, prepare, and present regular data-driven reports, metrics, and key indicators of security risks including compliance status and remediation progress to management.
• Mature and enhance the use of GRC tooling for security risk management and associated workflows.
• Review and evaluate third-party vendors for compliance with studio security standards and practices. Identify and manage potential gaps by partnering with business and supplier stakeholders toward mitigation.   
• Support the development and iteration of security standards. 

QUALIFICATIONS

• Bachelor's degree in Computer Science, Cybersecurity, or related.
• 6+ years of experience in GRC or related cybersecurity role.
• A minimum of (3) years of experience in information security risk management, with hands-on experience working on the security risk lifecycle (e.g., managing risk register).
• Industry-recognized certifications such as CISSP, CISA, CRISC, ISO27001 Lead Implementer / Audit, or other relevant certifications.
• Strong written and verbal communication skills, with the ability to clearly articulate complex security risks to diverse technical and non-technical audiences including studio management, business operations, product and production teams, engineers, developers, IT, and security teams. 

SKILLS

• Strong knowledge and experience across information security domains.  
• Deep familiarity with the performance of security risk management, including knowledge of methodologies, pitfalls, success factors, and the development of associated processes.
• Strong understanding of security management frameworks such as ISO 27001, SOC 2, and NIST.
• Experience implementing and improving upon the use of GRC tooling. This includes establishing risk registers, exception logs, controls-library, surveys, dashboards, and reporting.
• Experience conducting security audits and risk assessments.
• Hands-on experience performing third-party vendor risk management including supplier assessment through posture and technical reviews. Experience working with Business, Legal, and Privacy teams on vendor contracts a plus. 

HOW TO APPLY

Please apply with a resume and cover letter demonstrating how you meet the skills above. If we would like to move forward with your application, a Rockstar recruiter will reach out to you to explain next steps and guide you through the process.

Rockstar is committed to creating a work environment that promotes equal opportunity, dignity and respect. In line with this commitment, Rockstar will provide reasonable accommodations to qualified job applicants with disabilities during the recruitment process in order for such applicants to be considered for the position for which they are applying, as well as to qualified employees to enable them to perform the essential functions of their roles. If you need more information about Rockstar’s reasonable accommodation policies or process, or need to request an accommodation, please contact the Human Resources Department.                                   

If you’ve got the right skills for the job, we want to hear from you. We encourage applications from all suitable candidates regardless of age, disability, gender identity, sexual orientation, religion, belief, race, or any other protected category.