World Wrestling Entertainment Inc. (WWE) with headquarters located in Stamford, Connecticut is seeking a Sr. Manager of Information Security to support the company's cybersecurity posture and data security initiatives.
The Sr. Manager, Information Security will report into the VP, Information Security and Technology Risk Management and will manage the organization's programs relating to vendor risk management, system security controls, and data security. This position will also work closely with members from the cybersecurity engineering team, the Legal Affairs and Enterprise Technology departments and the Data Privacy Working Committee.
The role of the Sr. Manager, Information Security will be responsible for maintaining and maturing the organization's Third-Party Risk Management Program, the Information Security Controls (ISC) Program, and Information Security Awareness. In addition to establishing global security policies, assisting in the maturing of other cybersecurity programs, and fostering a data security and privacy culture.
The successful candidate will have hands-on and practical experience in areas of cyber and data security, security controls, security methodologies and frameworks, including experience in establishing both technical and organizational controls to protect the confidentiality, integrity, and availability of data.
- Manage the organization's Vendor Risk Management (VRM) Program conducting security assessments of existing and new third and fourth parties, business partners, and affiliates.
- Work closely with the Legal Affairs department in the review and approval of specific security specifications, security exhibits, and contract agreements.
- Conduct IT system and application security assessments, providing required specifications and security controls to system owners.
- Interacts with various business and technical teams in the development and deployment of cybersecurity controls, standards, and policies.
- Continuously evaluates existing data security controls for effectiveness and efficiency.
- Participates in security and data compliance programs.
- Performs periodic entitlement review of critical systems, applications, and services.
- Work with the cyber and technology teams in the deployment of tools and processes for data protection and security.
- Manage the organization's Cybersecurity Awareness Programs and e-Learning platform.
- Establishes and maintains key performance indicators (KPIs) and metrics that support the vendor and internal security assessment programs.
- Four-year degree in computer science or related combined work/education experience.
- Minimum of five years' experience in Cybersecurity/Information Security.
- Industry certifications, including Certified Information Systems Security Professional (CISSP) and/or Certified Cloud Security Professional (CCSP) a plus.
- Strong working knowledge of cybersecurity tools and technologies, including NGFW, IDS/IPS, UTM, WAF, NAC, DLP, SIEM and endpoint protection.
- Experience working within a global, IT organization.
- Experience in supporting IT infrastructures.
- Strong knowledge in cloud security architectures, including IaaS, PaaS, and SaaS.
- Experience in or knowledge of Microsoft Azure and/or Google security practices a plus.
- Experience in or knowledge of AWS cloud security a plus.
- Knowledge of TCP/IP, routing and switching technologies.
- Knowledge of the Open Systems Interconnectionmodel(OSI model).
- Experience in the implementation of CIS controls in a practical and systematic manner.
- Knowledge of NIST 800-53 and NIST Cyber Security Framework (CSF).
- Knowledge in Microsoft Windows Server, file/folder access permissions and Active Directory Services (ADS) administration.
- Knowledge of Linux platforms and administration.
- Experience in application security and role-based access controls.
- Experience with Prevalent 3GRC platform a plus.
- Experience with BitSight (Business intelligence) platform a plus.
- Experience with ProofPoint/Wombat (e-Learning) platform a plus.
- Ability to analyze complex information and identify key and relevant points, including communicating in a relevant and easy to understand manner.
- Practical experience in implementing security policies, procedures, and technologies.
- Strong verbal and written communication skills.
- Strong attention to detail, well-organized, and able to manage time efficiently.
- Team player with ability to deal effectively with individuals at all levels.
- High degree of initiative requiring little or no supervision, sound judgment, and the ability to prioritize assignments, solve problems, and meet deadlines.
- Ability to produce high-quality work in a timely fashion in a fast-paced environment.