Information Security Analyst at PlayStation Global

Information Security Governance, Risk and Compliance is looking for a Security Awareness Analyst to become a member of the team at PlayStation. Located within regular commuting distance of our Rancho Bernardo San Diego, CA office, the successful candidate will develop, build, and deliver an outstanding Security Awareness Program to employees worldwide. With so much creative talent at PlayStation, the possibilities are many and really only limited by the imagination and influence of the individual!

Responsibilities

1. Program Development [20%]

• Contribute and support an engaging Security Awareness Program that influences attitudes and changes behaviors to build a safer work environment.
• Ensure the Program meets Sony Group compliance requirements and relevant industry regulations and standards.
• Communicate the Program to other teams and promote its adoption, taking into consideration different cultures, nationalities and languages.
• Solicit feedback from colleagues and partners to identify gaps and opportunities to evolve the Program.
• Continuously evaluate and manage Program vendors and services.
• Analyze metrics, derive insights, and prepare consolidated reporting illustrating the impact of the Program efficiency.

1. Operations [40%]

• Acquire and curate content for the Program.
• Regularly deliver cyber security training globally.
• Regularly deliver simulated phishing emails globally.
• Oversee the delivery of training and phishing in business units outside the Program.
• Solve user issues and liaise with internal customers and external vendors to resolve them.
• Administrate SaaS services used to deliver training and simulated phishing emails.
• Regularly prepare and send reports to management.
• Create engaging content to ensure that the Program message is heard and applied in diverse and original forms (e.g. articles, posters, board games, videos, fliers, learning modules).
• Publish content to Intranets.
• Coordinate the delivery of security advisories and urgent communications to a global employee audience through the Corporate Communications department.
• Organize and host events through a variety of mediums (e.g. online webinars, lunch-and-learns, workshops, and seminars).
• Conduct security awareness assessments and surveys to gauge employee knowledge and behavior.
• Monitor the Program mailbox and respond to queries from employees.
• Provide support and guidance to employees on security-related issues and standard methodologies.
• Remain up-to-date on the latest cybersecurity threats and trends to update training content accordingly.
• Assist in the development and enforcement of security policies and procedures.
• Other duties as prescribed by the Program.

1. Project Management [40%]

• Plan and deliver engaging activities for Cyber Security Month in October.
• Introduce new Program improvements:
• Assess the feasibility of new improvement opportunities.
• Develop a plan that explains objectives, benefits, design, implementation tasks, timings, operational roles and responsibilities, communications, training and support.
• Influence team members to get their support.
• Collaborate with domain experts and provide technical requirements.
• Motivate contributors to complete tasks against agreed deadlines.
• Prepare regular status reports on progress and call out challenges or delays.
• Develop performance indicators and measure the impact.
• Prioritize and balance multiple projects simultaneously.

Experience and Skills

• Minimum 2 years of cyber security experience.
• A bachelor's degree or equivalent experience in cyber security, marketing, education, or a related field.
• Experience presenting to large audiences at workshops/events/seminars either as trainer or an authority on the presentation material.
• Confident “people person” that can casually establish and maintain productive working relationships.
• Good communication and presentation skills, knowledge of cyber security principles, and the ability to create engaging training content.
• Ability to take complex topics and form simple and concise messaging.
• Professional writer, able to research and prepare timely, high quality, clearly written materials free of grammatical errors and spelling mistakes.
• Good knowledge of Office 365.
• CISSP, CISM or ISO/IEC 27001 Lead Implementer an advantage.

#LI-GM1