Sr. Information Security Engineer
Sr. Information Security Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
WHO WE ARE
Headquartered in New York City Take-Two Interactive Software Inc. is a leading developer publisher and marketer of interactive entertainment for consumers around the globe. We develop and publish products principally through Rockstar Games 2K and Zynga. Our strategy is to create hit entertainment experiences delivered on every platform relevant to our audience through a variety of sound business models. Our pillars - creativity innovation and efficiency - guide us as we strive to create the highest quality most captivating experiences for our consumers. The Companys common stock is publicly traded on NASDAQ under the symbol TTWO. For more corporate and product information please visit our website at.
While our offices (physical and virtual) are casual and inviting we are deeply committed to our core tenets of creativity innovation and efficiency and individual and team development opportunities. Our industry and business are continually evolving and fast-paced providing numerous opportunities to learn and hone your skills. We work hard and have fun. We believe our workplace is a great environment to pursue your passions.
THE CHALLENGE
In todays highly interconnected digital ecosystem managing cyber risks across the supply chain is essential to securing our enterprise. The increasing reliance on third-party software and service providerscoupled with the growing sophistication of supply chain-based cyber threatsrequires a strategic proactive approach to risk identification and mitigation.
Thats where you come in. We are seeking a seasoned Information Security Engineer to play a vital role in fortifying our end-to-end cyber supply chain security risk management this role you will assess and manage cyber risks associated with external partners suppliers platforms and integrationsensuring that our technology ecosystem remains resilient and compliant. You will collaborate closely with Label partners and information security engineering product security security operations risk management and other information security teams to evaluate supplier security posture monitor for cyber supply chain vulnerabilities and implement robust risk mitigation strategies. Your efforts will directly support the business by enabling secure reliable and compliant supplier relationships across the enterprise.
WHAT YOULL TAKE ON
- Conduct comprehensive cyber risk assessments on suppliers vendors and third-party service providers leveraging questionnaires and technical assessments.
- Evaluate and review technical integrations with third-party systems services and APIs/SDKs to ensure secure architecture and data flows including verification of security configurations and controls.
- Collaborate with architecture engineering and Label-partner technical integration teams to assess risks introduced through direct and indirect system integrations and define security requirements for third-party contracts and security addendums.
- Collaborate with the C-SCRM Lead to develop and maintain a cyber supply chain cybersecurity risk management strategy aligned with industry standards (e.g. NIST SP 800-161 etc.) tailored to the Companys strategic objectives and regularly updated based on evolving threats and regulations.
- Monitor and evaluate third-party risk indicators and threat intelligence relevant to cyber supply chain operations including security ratings vulnerability disclosures and security incidents potentially utilizing security monitoring tools and threat intelligence platforms.
- Recommend and define specific security requirements and guidelines for third-party connections proposing controls and mitigation strategies for cyber supply chain risks including compensating controls when necessary and validating the implementation of these controls.
- Collaborate with internal teams during incident response scenarios involving cyber supply chain partners including investigation communication and reporting if needed.
- Track and report on supply chain cyber risks and control effectiveness to senior leadership through defined metrics and key performance indicators (KPIs) in a clear and concise manner communicating risk findings and remediation efforts to relevant stakeholders.
- Stay updated on current threats vulnerabilities and regulatory changes impacting the cyber supply chain landscape through continuous learning participation in industry forums and professional development and evaluate and recommend new tools and technologies for supply chain risk management.
WHAT YOU BRING
- Bachelors degree in Information Security Network Security or Information Technology or a related field (or equivalent work experience).
- 5 years of experience in information security risk management or cyber supply chain security with a strong understanding of cloud security principles (AWS Azure GCP).
- Strong understanding of information security risk assessment methodologies particularly in the context of system and application integration including experience with security assessment tools and techniques (e.g. vulnerability scanners threat intelligence platforms and knowledge of penetration testing methodologies).
- Familiarity with technologies and protocols commonly used in system-to-system communication (e.g. REST APIs SAML/OAuth secure data transfer mechanisms) and network security concepts.
- Knowledge of industry frameworks and standards such as NIST CIS and familiarity with data privacy regulations (e.g. GDPR CCPA).
- Experience with third-party risk management platforms (e.g. BitSight SecurityScorecard RiskRecon) and exposure to GRC principles and platforms.
- Excellent analytical communication (both written and verbal) including the ability to translate complex technical risks into business-understandable language.
- Demonstrated problem-solving and critical thinking abilities.
- Relevant professional certifications including both broad cybersecurity credentials (e.g. CISSP) and hands-on technical certifications in defensive and offensive security (e.g. PJPT Net PenTest CySA) are highly desirable.
WHAT WE OFFER YOU
- Great Company Culture. Ranked as one of the most creative and innovative places to work creativity innovation efficiency diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success.
- Growth. As a global entertainment company we pride ourselves on creating environments where employees are encouraged to be themselves inquisitive collaborative and to grow within and around the company.
- Work Hard Play Hard.Our employees bond blow-off steam and flex some creative muscles through corporate boot camp classes company parties game release events monthly socials and team challenges.
- Benefits. Medical dental vision pension plan employee stock purchase plan in-house wellness program broad learning & development opportunities a charitable giving platform with company match and more!
- Perks. Fitness allowance employee discount programs free games & events stocked pantries and more.
Take-Two Interactive Software Inc. (T2) is proud to be an equal opportunity employer which means we are committed to creating and celebrating diverse thoughts cultures and backgrounds throughout our organization. Employment at T2 is based on substantive ability objective qualifications and work ethic not an individuals race creed color religion sex or gender gender identity or expression sexual orientation national origin or ancestry alienage or citizenship status physical or mental disability pregnancy age genetic information veteran status marital status status as a victim of domestic violence or sex offenses reproductive health decision or any other characteristics protected by applicable law.
Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram WhatsApp or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Twos in-house recruitment team will only contact individuals through their official Company email addresses (i.e. via a email domain). If you need to report an issue or otherwise have questions please contact
Required Experience:
Senior IC
Employment Type
Full Time
