About this Opportunity

Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security.

The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture.

• Assist in the execution of Application Security Testing (Ethical App Pentest / FOSS / Static or Dynamic Security Testing / Threat Modeling) within the bounds of the Processes and DTCC Control Standards.
• Support data-to-day activities related to Application Security functions.
• Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk, and escalate where applicable.
• Collaborate with application development teams on application security assessments.
• Assists others on own team, or other teams where applicable.
• Actively contribute subject matter expert knowledge to the Security Mavens Community.
• Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk; escalates appropriately

Required Qualifications

• Minimum of 4 years of related experience

Preferred Qualifications

• Bachelor's degree preferred or equivalent experience
• Fosters a culture where honesty and transparency are expected.
• Stays current on changes in his/her own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date.
• Collaborates well within and across teams.
• Communicates openly with team members and others.
• Resolves disagreements between colleagues effectively, minimizing the impact on the wider team.

NA

Position Summary

Responsible for successfully executing enterprise-wide Information Security Operational controls and processes that protect the company’s data and functions across all business areas. Adhering to data protection standards, procedures, regulatory oversight, and technical solutions for the Information Security department.

Develop and execute a comprehensive Insider Threat strategy, responsible for program development, and effective operations of all associated controls. This position will be highly engaged cross functionally, always providing high quality security solutions to detect, assess, monitor, and respond for insider threats ranging from users to assets and manage security information to keep ahead of such threats.

Leads the Vulnerability Management program as a vulnerability management SME throughout a global technology organization with various legacy and modern systems within data centers and the cloud. Develops enterprise policy and technical standards with specific regard to vulnerability management and secure configuration.

Performs all duties in accordance with the company’s policies and procedures, all state, federal, and country laws and regulations, wherein the company operates.

In accordance with regulatory and audit requirements, this position will perform analysis of systems and programs, including the cyber-security related programs and initiatives. Delivery of activity reporting, including metrics, environment impact, effectiveness progress, and performance, and risk indicators.

• Designing and implementing an Insider Threat program leveraging technologies such Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP and an understanding of the investigations and intelligence cycle
• Oversight of Vulnerability Management Program for IT, OT and Cloud assets across the enterprise
• Leadership position responsible for the independent execution and continuous improvement of the Insider Threat and Vulnerability Management programs
• Testing and maintaining security tooling, particularly for endpoint detection and investigation
• Collaborating cross-functionally with Security, IT, Human Resources, Privacy, and Legal on defining policy and investigative outcomes
• Creating and maintaining all documentation around insider threat and vulnerability management processes, procedures and necessary evidence for compliance
• Developing operational processes and alignment with cross functional teams
• Creating and documenting business process, and communicating needs inside and outside of the team
• Act on improving processes and procedures
• Maturing, or building new, TVM SLA & KPI tracking tools to ensure team and company compliance
• Utilizing threat intel and analysis tools and vendors to identify, automate, manage and prioritize continually changing threats
• Manage a team responsible for Monitoring, tracking, investigating, and reporting in compliance with security requirements, and works with the responsible parties to drive timely results and remediation
• Generates and monitors effective and actionable Information Security reporting across all Information Security technical landscape
• Research and track current security threats
• Participates in the global distribution of the enterprise Cyber-Security Operations Security Awareness training and campaigns
• Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e., PCI-DSS, SOX, GDPR, CCPA)
• Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
• Participate in on-call efforts on a rotational basis

Required Qualifications

• Strong oral and written communication skills appropriate for consultation with all levels of management
• Experience with building Insider Threat programs and associated best practices
• Vulnerability Management program leadership experience
• Experience building and training teams
• Strong problem-solving and analytical skills
• Experience in collaboration amongst multiple lines of business and geographic theaters. Multi-national enterprise experience
• The ability to thrive in a fast-paced, dynamic environment
• The ability to influence and drive change within teams and the organization
• A self-starter with a hands-on style, high level of energy, stamina, and drive
• A strong team player who is proactive and driven to achieve results
• Organizational and time management skills
• Previous senior leadership experience working as part of an enterprise Information Security team

Preferred Qualifications

• Information Security-based certification preferred (i.e., CompTIA, Network+/Security+, CEH, GIAC GSE, SANS Academy certs, or similar)

The estimated base salary range for the Associate Director, Threat and Vulnerability Management - Information Security Operations - Remote role based in the United States of America is: $167,200 - $250,800. Should the level or location of the role change during the hiring process, the applicable base pay range may be updated accordingly. Compensation decisions are dependent on several factors including, but not limited to, an individual’s qualifications, location where the role is to be performed, internal equity, and alignment with market data. Additionally, all employees are eligible for one of our variable cash programs (bonus or commission) and eligible roles may receive equity as part of the compensation package. We offer a wide range of benefits as innovative as our work, including access to genomics sequencing, family planning, health/dental/vision, retirement benefits, and paid time off.

At Illumina, we strive to foster a diverse and inclusive workplace by cultivating an environment in which everyone contributes to our mission. Built on a strong foundation, Illumina has always been rooted in openness, collaboration, and seeking alternative views and perspectives to propel innovation in genomics. We are proud to confirm a zero-net gap in pay, regardless of gender, ethnicity, or race. We also have several Employee Resource Groups (ERG) that deliver career development experiences, increase cultural awareness, and demonstrate our collective commitment to diversity and inclusion in the communities we live and work. We are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information. If you require accommodation to complete the application or interview process, please contact accommodations@illumina.com. To learn more, visit: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf. The position will be posted until a final candidate is selected or the requisition has a sufficient number of qualified applicants.

Company Description

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

• Collaborate with engineering teams to perform advanced security analysis on complex cloud systems, identifying gaps while contributing to design solutions and security requirements.
• Be a subject matter expert on information security for complex systems and applications in cloud environments.
• Ability to analyze security gaps and trends, while identifying and creating appropriate mitigating security controls and standards.
• Efficiently assess risk accurately while negotiating priorities with cross-domain stakeholders.
• Design security reference architectures and implementing/configuring security controls with an emphasis on cloud technologies.
• Develop and maintain strategic and tactical roadmaps and plans to accomplish key security objectives and initiatives.
• Be a shared owner in the secure design of Mattel’s public cloud infrastructure ensuring that appropriate security controls are incorporated.
• Build and expand the security architecture standards for both cloud and on-premise systems.
• Manage security scanning tools (network, application, and cloud services) and maintain an in-depth knowledge of remediation techniques and mitigating controls.
• Maintain a thorough understanding of security threats and attacks to identify potential vulnerabilities along with their appropriate remediations.
• Perform secure code reviews identifying potential issues while providing appropriate remediations.
• Define security metrics, along with KRI/KPI/KGIs, to communicate project status and implementation efficacy.

Required Qualifications:

• Thorough knowledge of all layers of the information security stack.
• Thorough knowledge of securing cloud computing services; Compute, Containers, Datastores, Serverless, Networking, Access Management, Cryptographic Keys
• Proven understanding of cloud computing concepts and best practices
• In depth experience with one or more cloud platforms (GCP, Azure, OCI)
• Thorough understanding of code management and deployment; Code Repositories, CI/CD pipeline, application security
• Strong knowledge of security/compliance standards and industry best practices; NIST, PCI.
• Demonstrable ability to maintain healthy working relationships with cross-domain peers.
• Proven track record of delivering security solutions given tight timelines.
• Network Security, Web Application Security, Wireless (Bluetooth, WiFi, NFC) Security
• Ability to manage and configure industry standard security scanning tools.
• Programming Languages: Java, .Net, Python, Go, Objective-C
• Bachelor’s degree with at least 10 years of professional experience
• Demonstrated a growth mindset by staying curious and continuously learning, embracing challenges, and improving themselves.

Preferred Qualifications:

• NA

Don’t meet every single requirement? At Mattel we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

How We Work:

We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:

We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:

Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in more than 195 countries in collaboration with the world’s leading retail and ecommerce companies.

Mattel is recognized as a Great Place to Work™ and as one of Fast Company’s Best Workplaces for Innovators in 2022.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Affirmative Action/Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers including minorities, females, veterans, military spouses, individuals with disabilities, and those of all sexual orientations and gender identities.

Videos to watch:

The Culture at Mattel

Mattel Investor Highlights