Senior Information Security Analyst, Global Security Risk; FTC United Kingdom

Senior Information Security Analyst, Global Security Risk (12 month FTC)

United Kingdom, London

Why Play Station?

Play Station isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The Play Station family of products and services including Play Station®5, Play Station®4, Play Station®VR, Play Station®Plus, acclaimed Play Station software titles from Play Station Studios, and more.

Play Station also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The Play Station brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.

Play Station is looking for a Senior Information Security Analyst for a 12-month fixed-term contract to join our team and operate the day-to-day Information Security, Risk and Compliance management processes. This is a mixture of processing requests from the business and driving internal security projects such as updating processes and frameworks. This role requires a sound understanding of technical and engineering terminology, and an outstanding ability to articulate risk across any security domains (technical and governance) with the proven ability to work independently and process high volumes of security requests on a weekly basis.

This role also provides ample opportunity to work across technical and game-related projects with studio and Play Station engineering teams and therefore requires risk advisory and influencing experience.

Based in London, you will act as a primary business relationship partner for several European Play Station Studios, providing risk advisory services. This role will liaise directly with business, technical and third-party stakeholders, as well as work collaboratively with our other Information Security specialist teams across the globe to protect Play Station’s intellectual property, data and infrastructure whilst delivering new and evolving games, services and hardware to the market.

This is an opportunity to provide security directly to the global Play Station business and our global Studios and their game development.

What you’ll be doing:

• Review, triage, risk assess and process security requests from technical, engineering and business stakeholders that require security input and approvals.
• Work independently to understand stakeholder requirements and the security risk involved. Use security policy, process and information security expertise to advise stakeholders on appropriate solutions that do not open Play Station up to security risks.
• Review security requirements associated with third party engagement requests and determine what level of third-party assurance is required.
• Initiate and support the third-party due diligence and assurance assessment processes and able to articulate and advise on associated risks to the business, contractual requirements and resulting recommendations.
• Articulate and communicate risk to relevant stakeholders, whilst with technical teams, partners, and leadership teams to translate security risk into mitigation plans into action items.
• Negotiates, tracks and reports these remediation efforts within the Play Station risk programme.
• Coordinates all aspects of information security and provides consulting services to business units and other partners.
• Works with business partners from across Play Station and Studios to identify and implement information security requirements related to projects and engagements.
• Monitors and reviews IT security controls to identify operational efficiency.
• Performing security audits related to critical systems and prioritized business scopes.
• Triage information security incidents, working with our 24/7 SOC teams, business partners and related third parties, as well as being responsible for reporting and raising where necessary.
• Works with GRC and other security tools to collect and maintain security and risk information.
• Maintains broad knowledge of industry…