Executive Director, Application Security Architect

Join to apply for the Executive Director, Application Security Architect role at Sony Pictures Entertainment

6 days ago Be among the first 25 applicants

Join to apply for the Executive Director, Application Security Architect role at Sony Pictures Entertainment

We are seeking a visionary and hands-on Executive Director of Security Architecture with mature skill in Application Security/Dev Sec Ops , Data Security and Cloud who will excel in leading the strategic design, implementation, and continuous improvement of Sony Pictures application security posture. This is a highly influential role, requiring both deep technical expertise and business-aligned leadership. The ideal candidate will have previous experience in application architecture and engineering and is now focused on information and cybersecurity to define robust security design patterns, reference architecture across applications, data, and cloud environments, proactively addressing cyber risks and promoting secure coding practices aligned with the Sony Pictures goals.



Key Responsibilities

• Strategic Vision:
  Develop and articulate a comprehensive security architecture strategy for application, data and cloud for Sony Pictures information and content assets. Continuously evaluate emerging threats and industry best practices to evolve our security posture.
• Define, document, and promote security architecture, Dev Sec Ops , and technical standards throughout Sony Pictures.
• Lead the development and implementation of comprehensive security architecture strategies for application, data and cloud environments to protect against current and emerging threats.
• Architecture Design and Engineering:
  Lead hands-on design and implementation reviews of security solutions across application, data and cloud domains. Thoroughly assess security risks in existing and planned systems and infrastructure. Define technical security standards and governance processes.
• Lead security architecture review processes, ensuring all new systems and changes to existing systems comply with Sony’s security standards.
• Conduct in-depth assessments of current security architectures, identify threats and vulnerabilities, and develop mitigation strategies.
• Recommend design patterns and security best practices for technology and application implementations.
• Security Solution Evaluation and Selection:
  Research, evaluate, and recommend cutting-edge security technologies and tools. Oversee proof-of-concept initiatives and guide vendor selection.
• Conduct market research to assess the landscape of available security solutions in specific areas (e.g., data security, cloud security, application security).
• Liaise with IT and security operations teams to define and orchestrate POC testing for shortlisted security solutions.
• Enterprise Security:
  Work closely with IT infrastructure, application development, Dev Sec Ops , and business stakeholders to embed application security principles throughout all phases of technology development and deployment.
• Develop and maintain security architecture documentation and standards.
• Collaborate with IT and business units to integrate security best practices into the development lifecycle of projects and technology initiatives.
• Governance and Compliance Maintain a deep understanding of security regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS, OWASP, SAFECode) for designing systems and processes that not only protect data but also demonstrate adherence to industry standards and regulations.

• Mastery of Security Architecture Principles:
  Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), AI Security, Product Security, Threat modeling, GPDR and privacy, vulnerability assessment techniques, Dev Sec Ops , Secure Coding Principles and Practices.
• Application Security Expertise:
  Demonstrated experience with Full Stack Web App/API, firewalls (WAFs), secure software development life cycles (S-SDLCs), Dev Sec Ops , IaC, Docker/Container Security, Data Security,…