Position Summary

Responsible for successfully executing enterprise-wide Information Security Operational controls and processes that protect the company’s data and functions across all business areas. Adhering to data protection standards, procedures, regulatory oversight, and technical solutions for the Information Security department.

Develop and execute a comprehensive Insider Threat strategy, responsible for program development, and effective operations of all associated controls. This position will be highly engaged cross functionally, always providing high quality security solutions to detect, assess, monitor, and respond for insider threats ranging from users to assets and manage security information to keep ahead of such threats.

Leads the Vulnerability Management program as a vulnerability management SME throughout a global technology organization with various legacy and modern systems within data centers and the cloud. Develops enterprise policy and technical standards with specific regard to vulnerability management and secure configuration.

Performs all duties in accordance with the company’s policies and procedures, all state, federal, and country laws and regulations, wherein the company operates.

In accordance with regulatory and audit requirements, this position will perform analysis of systems and programs, including the cyber-security related programs and initiatives. Delivery of activity reporting, including metrics, environment impact, effectiveness progress, and performance, and risk indicators.

• Designing and implementing an Insider Threat program leveraging technologies such Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP and an understanding of the investigations and intelligence cycle
• Oversight of Vulnerability Management Program for IT, OT and Cloud assets across the enterprise
• Leadership position responsible for the independent execution and continuous improvement of the Insider Threat and Vulnerability Management programs
• Testing and maintaining security tooling, particularly for endpoint detection and investigation
• Collaborating cross-functionally with Security, IT, Human Resources, Privacy, and Legal on defining policy and investigative outcomes
• Creating and maintaining all documentation around insider threat and vulnerability management processes, procedures and necessary evidence for compliance
• Developing operational processes and alignment with cross functional teams
• Creating and documenting business process, and communicating needs inside and outside of the team
• Act on improving processes and procedures
• Maturing, or building new, TVM SLA & KPI tracking tools to ensure team and company compliance
• Utilizing threat intel and analysis tools and vendors to identify, automate, manage and prioritize continually changing threats
• Manage a team responsible for Monitoring, tracking, investigating, and reporting in compliance with security requirements, and works with the responsible parties to drive timely results and remediation
• Generates and monitors effective and actionable Information Security reporting across all Information Security technical landscape
• Research and track current security threats
• Participates in the global distribution of the enterprise Cyber-Security Operations Security Awareness training and campaigns
• Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e., PCI-DSS, SOX, GDPR, CCPA)
• Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
• Participate in on-call efforts on a rotational basis

Required Qualifications

• Strong oral and written communication skills appropriate for consultation with all levels of management
• Experience with building Insider Threat programs and associated best practices
• Vulnerability Management program leadership experience
• Experience building and training teams
• Strong problem-solving and analytical skills
• Experience in collaboration amongst multiple lines of business and geographic theaters. Multi-national enterprise experience
• The ability to thrive in a fast-paced, dynamic environment
• The ability to influence and drive change within teams and the organization
• A self-starter with a hands-on style, high level of energy, stamina, and drive
• A strong team player who is proactive and driven to achieve results
• Organizational and time management skills
• Previous senior leadership experience working as part of an enterprise Information Security team

Preferred Qualifications

• Information Security-based certification preferred (i.e., CompTIA, Network+/Security+, CEH, GIAC GSE, SANS Academy certs, or similar)

The estimated base salary range for the Associate Director, Threat and Vulnerability Management - Information Security Operations - Remote role based in the United States of America is: $167,200 - $250,800. Should the level or location of the role change during the hiring process, the applicable base pay range may be updated accordingly. Compensation decisions are dependent on several factors including, but not limited to, an individual’s qualifications, location where the role is to be performed, internal equity, and alignment with market data. Additionally, all employees are eligible for one of our variable cash programs (bonus or commission) and eligible roles may receive equity as part of the compensation package. We offer a wide range of benefits as innovative as our work, including access to genomics sequencing, family planning, health/dental/vision, retirement benefits, and paid time off.

At Illumina, we strive to foster a diverse and inclusive workplace by cultivating an environment in which everyone contributes to our mission. Built on a strong foundation, Illumina has always been rooted in openness, collaboration, and seeking alternative views and perspectives to propel innovation in genomics. We are proud to confirm a zero-net gap in pay, regardless of gender, ethnicity, or race. We also have several Employee Resource Groups (ERG) that deliver career development experiences, increase cultural awareness, and demonstrate our collective commitment to diversity and inclusion in the communities we live and work. We are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information. If you require accommodation to complete the application or interview process, please contact accommodations@illumina.com. To learn more, visit: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf. The position will be posted until a final candidate is selected or the requisition has a sufficient number of qualified applicants.

Company Description

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

• Collaborate with engineering teams to perform advanced security analysis on complex cloud systems, identifying gaps while contributing to design solutions and security requirements.
• Be a subject matter expert on information security for complex systems and applications in cloud environments.
• Ability to analyze security gaps and trends, while identifying and creating appropriate mitigating security controls and standards.
• Efficiently assess risk accurately while negotiating priorities with cross-domain stakeholders.
• Design security reference architectures and implementing/configuring security controls with an emphasis on cloud technologies.
• Develop and maintain strategic and tactical roadmaps and plans to accomplish key security objectives and initiatives.
• Be a shared owner in the secure design of Mattel’s public cloud infrastructure ensuring that appropriate security controls are incorporated.
• Build and expand the security architecture standards for both cloud and on-premise systems.
• Manage security scanning tools (network, application, and cloud services) and maintain an in-depth knowledge of remediation techniques and mitigating controls.
• Maintain a thorough understanding of security threats and attacks to identify potential vulnerabilities along with their appropriate remediations.
• Perform secure code reviews identifying potential issues while providing appropriate remediations.
• Define security metrics, along with KRI/KPI/KGIs, to communicate project status and implementation efficacy.

Required Qualifications:

• Thorough knowledge of all layers of the information security stack.
• Thorough knowledge of securing cloud computing services; Compute, Containers, Datastores, Serverless, Networking, Access Management, Cryptographic Keys
• Proven understanding of cloud computing concepts and best practices
• In depth experience with one or more cloud platforms (GCP, Azure, OCI)
• Thorough understanding of code management and deployment; Code Repositories, CI/CD pipeline, application security
• Strong knowledge of security/compliance standards and industry best practices; NIST, PCI.
• Demonstrable ability to maintain healthy working relationships with cross-domain peers.
• Proven track record of delivering security solutions given tight timelines.
• Network Security, Web Application Security, Wireless (Bluetooth, WiFi, NFC) Security
• Ability to manage and configure industry standard security scanning tools.
• Programming Languages: Java, .Net, Python, Go, Objective-C
• Bachelor’s degree with at least 10 years of professional experience
• Demonstrated a growth mindset by staying curious and continuously learning, embracing challenges, and improving themselves.

Preferred Qualifications:

• NA

Don’t meet every single requirement? At Mattel we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

How We Work:

We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:

We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:

Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in more than 195 countries in collaboration with the world’s leading retail and ecommerce companies.

Mattel is recognized as a Great Place to Work™ and as one of Fast Company’s Best Workplaces for Innovators in 2022.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Affirmative Action/Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers including minorities, females, veterans, military spouses, individuals with disabilities, and those of all sexual orientations and gender identities.

Videos to watch:

The Culture at Mattel

Mattel Investor Highlights

Summary

The candidate will be part of a team of Splunk Engineers maintaining various client's Splunk instances with a heavy emphasis on data on-boarding, content development, reporting, and visualizations. All candidates must possess prior Splunk engineering and administration experience, meet the necessary certification prerequisites, and work well in a team environment. Candidates with backgrounds supporting federal customers is a plus.

As a TZT consultant, the candidate will receive access to the full knowledge base which is driven by the True Zero community as well as the technical backing of the entire PS team. True Zero encourages collaboration and growth through information sharing and knowledge workshops. The candidate will also have access to our internal Slack channel to stay connected with the team as well as the necessary tools to train, demo, test and grow their professional skills.

Company Overview

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" (

$5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

NA

Required Qualifications:

• For this position only candidates with Top Secret Clearance w/ Full Scope Poly will be considered
• Splunk Core Certified Consultant or Architect Certification preferred but not required
• Highly qualified candidates will be trained to be Splunk Certified
• Strong experience/certifications in ITSI and/or Splunk Enterprise Security
• Experience designing and implementing ground up distributed Splunk installations including all Splunk server roles (Search Head, Indexers, Heavy Forwarders and Universal Forwarders, etc.)
• Experience with advanced configuration of Splunk including Indexer Clustering and Search Head Clustering.
• Experience maintaining and administering enterprise Splunk implementations.
• Experience developing custom Splunk content including scheduled searches, reports, dashboards, etc.
• Proficient at data on-boarding activities including custom parsing rules, custom Technology Add-On building according to Splunk's Common Information Model (CIM).
• Experience configuring indexes, index routing, retention policies, etc.
• Experience working in linux and windows environments, ability to configure:
• Storage subsystems (I.e. partitioning, Volume Groups, Logical Volumes, etc.)
• SELinux
• Familiarity with different flavors of Linux distros (RedHat, CentOS, Ubuntu, etc.)
• File Permission Settings (linux/windows)
• Excellent written and oral skills, ability to work closely with multiple customers, manage expectations, and track engagement scope.

Preferred Qualifications:

• Top Secret Clearance w/ Full Scope Poly
• Splunk Core Consultant Certification
• Splunk Enterprise Security Implementation Certification
• Splunk IT Service Intelligence certification
• Understanding of Syslog daemon configuration principles, ideally in Syslog-NG and RSyslog configurations.
• Cloud experience (AWS, Azure, etc.)
• Development and API experience (Python, Perl, XML)
• SaltStack, Ansible, and other enterprise automation tool experience.
• Hardware experience and storage experience (SAN, NAS, etc.)

U.S. Citizenship is required as this is in support of a Federal Customer.

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:

• Competitive salary, paid twice per month
• Best in class medical coverage
• 100% of medical premiums covered by True Zero
• Company wide new business incentive programs
• Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
• 3 weeks of PTO starting + 11 Paid Holidays Annually
• 401k Program with 100% company match on the first 4%
• Monthly reimbursement of Cell Phone and Home Internet costs
• Paternity/Maternity Leave
• Investment in training and certifications to broaden and deepen your technical skills