IT Security Administrator; PXO​/Sony Pictures

Overview

IT Security Administrator to join PXO / Sony Pictures London. Provide expert guidance on IT security, contribute to the development of policies and procedures, and support the maintenance of enterprise-wide security solutions across multiple global regions. You will have decision-making responsibility within your area of expertise, ensuring clear ownership and accountability. The ideal candidate will have a strong understanding of IT infrastructure and information security in large-scale, fast-paced environments.

• Lead and coordinate incident response remediation activities across the Office tenant and related infrastructure.
• Oversee the application security request review process, including white paper evaluations and coordination with Info Sec teams.
• Conduct Infosec Criticality Assessments (ICAs) and participate in DAART and IR meetings.
• Represent PXO in Sony CISO meetings and ensure alignment with broader Sony Info Sec policies.
• Enforce Sony security policies and standards in production environments.
• Manage and maintain IT Risk Register.
• Coordinate client security audits and support external certifications (e.g., TPN).
• Complete and manage client security questionnaires during bidding or audit processes.
• Conduct internal penetration tests and vulnerability assessments to proactively identify and mitigate security risks.
• Manage the firewall whitelisting and approval process.
• Oversee vulnerability and patch management workflows.
• Maintain sandbox and production environments; support workflow and network hardening (e.g., Microsoft 365, HiBob).
• Own and manage I/O and data transfer security procedures.
• Participate in systems design and implementation from a security perspective.
• Develop user and technical security documentation and training resources.
• Document and maintain critical security and infrastructure policies, e.g., Incident Response Plan, Business Continuity Plan, Change Management Procedures, and Disaster Recovery Plan.
• Test and improve Disaster Recovery capabilities and identify process gaps.
• Advise on on-set data handling procedures, ensuring certified media and secure practices are in place.
• Act as the liaison between IT/Info Sec and Legal on GDPR, data retention policies, and compliance matters.
• Ensure proper documentation, communication, and enforcement of data protection practices in line with regulatory standards.

• Five plus years of hands-on experience in security and/or infrastructure within an enterprise environment.
• Familiarity with enterprise information security standards such as Cyber Essentials, ISO 27001, 27002, Data Protection Act, and GDPR.
• Proficiency in Microsoft O365 Security solutions, Networking, Security operations, Vulnerability Management, and Security Auditing.
• Experience in security testing, vulnerability scanning, and risk management.
• Ability to create formal documents such as reports or procedures.
• Detailed knowledge of Microsoft O365 environment, Threat Intelligence analysis, Security Incident Response, and Disaster Recovery principles.
• Strong interpersonal skills, analytical mindset, and ability to communicate in non-technical language.
• Good organisational skills and the ability to manage and prioritise workload, with experience in key security areas such as Zero Trust architecture, secure remote access, and security practices relevant to the digital content / VFX industry (e.g., TPN); familiarity with SIEM tools such as Splunk is highly desirable.
• An ITIL certification or similar would be preferred.

Pixomondo is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. Benefits may vary by location due to regional regulations and company policies. PXO does not accept resumes from recruiters. Unsolicited resumes are accepted directly from candidates only. PXO will not pay any fees associated with unsolicited resumes.