Director, Enterprise Security Architecture & Assurance

Company Description

CREATIVITY IS OUR SUPERPOWER.It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day.

We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

The Director, Enterprise Security Architecture & Assurance leads Mattel’s security assessment, vulnerability management, application security, and cloud security functions. This role ensures security is embedded by design across Mattel’s enterprise platforms, digital products, cloud services, and third‑party ecosystem.

The Director is a member of the Cyber Security Leadership Team and a standing member of the Enterprise Architecture Council, influencing enterprise security strategy, architecture standards, and technology decisions to protect Mattel’s brands, consumer data, and intellectual property.

• Lead enterprise security assessments, including third‑party, vendor, and supply chain risk evaluations as well as M&A security due diligence.
• Define assessment methodologies aligned to NIST, ISO, and SOC 2 standards.
• Partner with Legal, Privacy, Procurement, and business leaders to communicate risk and remediation priorities.

• Own Mattel’s enterprise vulnerability management program across infrastructure, applications, and cloud.
• Work closely with operational IT and Engineering teams to remediate vulnerabilities and control deficiencies.
• Establish risk‑based prioritization, remediation SLAs, and executive‑level reporting.
• Define and track vulnerability and control‑maturity metrics, providing regular reporting to senior leadership and supporting Board‑level cyber risk visibility.

• Define and govern cloud security architecture for public and hybrid cloud environments.
• Establish cloud security guardrails, reference architecture, and patterns aligned to shared responsibility models to enable secure and scalable cloud adoption.
• Lead the application security program, including secure SDLC practices and code reviews aligned to OWASP.
• Oversee application security tooling and automation (e.g., SAST, DAST, SCA) to scale secure development practices.
• Partner with engineering teams to embed security into cloud‑native and application designs.

• Serve on the Enterprise Architecture Council, ensuring security and privacy are embedded in technology standards and design decisions.
• Review and influence major architecture initiatives and platform investments to ensure alignment with enterprise security strategy and risk posture.

• Actively contribute as a member of the Cyber Security Leadership Team, shaping strategy, roadmap, and investment priorities.
• Advise senior leaders on security risk, architectural tradeoffs, and control maturity.
• Act as a trusted advisor to executive stakeholders on emerging threats, control gaps, and risk acceptance decisions.

• Build and lead high‑performing security teams and strategic partners.
• Drive a culture of accountability and continuous security improvement.

What We’re Looking For:

• 10+ years in cybersecurity or security architecture, with 5+ years in senior leadership roles, including leading managers or enterprise‑scale security programs.
• Expertise in security assessments, vulnerability management, cloud security, and application security.
• Strong knowledge of NIST, ISO 27001, SOC 2, and OWASP.
• Proven ability to partner with operational teams to drive risk remediation.

• Experience supporting consumer‑facing digital platforms or global brands.
• M&A security due diligence experience.
• CISSP, CISM, and/or cloud security certifications.

* The pay range is indicative of projected hiring range, however base pay will be…