Senior Information Security Specialist, Electronic Arts
TITLE: Senior Information Security Specialist
REPORTS TO: Sr. Manager – Information Security
DIVISION: Worldwide IT (WWIT)
The Senior Information Security Specialist is a key member of the Global Security and Risk Management (SRM) team which provides information security and risk management support for EA’s business worldwide. This position will be focused on all aspects of Information Security and Architecture within the context of the SRM service portfolio. Information Security has a particular emphasis on all aspects of infrastructure and data security, including consultancy type services as it relates to protecting EA. The work of the Information Security team supports business by prioritizing innovative, security initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
The position works closely with the various EA business units and technology departments, and requires the ability to balance business needs with security and corporate standards. The role will also be responsible for participating in security engineering activities such as security design and architectural reviews, as well as testing and deployment reviews. The successful candidate will provide the expertise required to provide effective high-quality and timely subject matter expertise, input, and guidance on Information Security. This role and group is ‘business facing’ and ‘consultative’ in nature as well as being ‘hands-on’ in terms of delivery. To that end, the successful candidate needs to demonstrate an aptitude toward building lasting partnerships, relationships and trust within EA’s business units and, at the same time, be equipped to talk with authority around a wide range of technical and procedural matters pertaining to Security and Risk Management.
The Senior Information Security Specialist is expected to be aware of EA’s security goals as established by its stated policies, procedures and guidelines. This role should quickly become proficient in all aspects of company’s products and systems regarding their functionality and associated technologies.
The successful candidate will have extensive knowledge of technology offerings and should have hands on experience in implementing and using technology and security platforms/solutions. This individual should be detail and process oriented, possess good troubleshooting skills and be able to demonstrate problem-solving abilities. In addition, he or she should have a strong security background with knowledge of current security best practices.
The successful candidate will work alongside colleagues spanning the globe. Due to time zone differences, the ability to work independently for parts of the work-day is required. This position may require occasional national and international travel.
ESSENTIAL JOB FUNCTIONS:
• Act as advocate and primary liaison for the Information Security vision within Governance, Risk and Compliance (GRC).
• Work closely with IT department on corporate technology development to secure information, computer, network, and processing systems.
• Provide guidance and architecture review of proposed security and business functions or practices.
• Work with Enterprise Architecture Services (EAS) to develop a comprehensive IT Security Architecture Guidance standard.
• Assess and communicate all security risks associated with any and all practices performed by the company.
• Identifies security issues and provides the appropriate resolution or may make recommendations to Sr. Management on how escalated issues can be resolved.
• Creatively and independently provide resolution to security problems in a cost-effective manner.
• Produce written technical reports and/or develop presentations on Global IT security activities.
• Participate in the planning and design of enterprise security architecture
• Participate in the creation of global security documents (policies, standards, baselines, guidelines and procedures)
• Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Remain informed on trends and issues in the security industry, including current and emerging technologies and regulatory and compliance issues. Advise, counsel, and educate executive and management teams on their relative importance.
• Lead and assist in the evaluation and development of security capabilities, policies, and practices.
• Participate in the incident response process as necessary including investigating suspicious behavior.
• Participates in periodic information systems risk assessments.
• Provide governance and due-diligence within the IT helpdesk ticketing system to approve security related changes within the EA environment.
JOB QUALIFICATIONS / REQUIRED SKILLS:
A successful track record and at least eight years of experience in technology and information security. Ideally, this experience would have been gained within an Online or specifically and Online Services type environment. Media Entertainment or related verticals would be an advantage.
At least five years of experience being responsible for reviewing and recommending security business solutions.
Demonstrated knowledge of recognized security industry standards and leading practices (e.g., PCI, OWASP, NIST, DISA, CIS, etc.)
Strong knowledge of network technologies and platforms (e.g., TCP/IP, routing protocols, subnet, VLAN, QoS, MPLS, access control list, firewall, router, switch, VPN, load balancer, network traffic analysis, IDS/IPS, proxy, etc.).
Strong knowledge of server and workstation technologies and platforms (e.g., Windows, Unix, Linux, Macs, etc.).
Strong knowledge of middleware technologies and platforms (e.g., databases, web server, application servers, etc.).
Strong knowledge of virtualization and cloud technologies, platforms, and services.
Strong knowledge of directory, identity, authentication, and access management technologies (e.g., AD, LDAP, SSO, AD FS, multi-factor authentication, TACACS+, Radius, etc.)
Broad knowledge of security technologies, solutions, and tools (e.g., encryption technologies, SIEM, DLP, AV, port scanners, vulnerability scanners, etc.).
A high level knowledge of physical security strategies, devices and deployment objectives.
Experience with programming and scripting languages (e.g., PHP, .NET, Java, C, Perl, etc.).
Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.).
Solid understanding of assessing and designing security controls in an enterprise-level environment.
Broad understanding of how to conduct risk assessments and the associated methodologies involved in risk mitigation and the presentation of this work.
Exceptionally self-motivated, directed, detail-oriented with strong sense of ownership.
Ability to work very independently with minimum direction work effectively in a highly complex and dynamic environment.
Must be able to learn, understand and apply new technologies.
Strong analytical and problem-solving abilities.
Excellent written and verbal communications skills.
Demonstrated ability to meet stringent project deadlines and be able to adapt and react to project adjustments and alterations promptly and efficiently
Minimum BA or BS in Management Information Systems, Computer Science, or related field.
Certifications in one or more of the following areas required: CISSP, CISM, GISO, GCIH
Qualified candidates should contact:
Recruiter – Electronic Arts
11501 Domain Dr, Bldg 5 Suite 250
Austin, TX 78758