Senior Information Security Specialist
We are EA
And we make games – how cool is that? In fact, we entertain millions of people across the globe with the most amazing and immersive interactive software in the industry. But making games is hard work. That’s why we employ the most creative, passionate people in the industry.
The Challenge Ahead
The Senior Information Security Specialist is a key member of the Global Security and Risk Management (SRM) team which provides information security and risk management support for EA’s business worldwide. This position is focused on all aspects of Information Security within the context of the SRM service portfolio. Information Security has a particular emphasis on all aspects of IT, application, and data security, including consultancy type services as it relates to protecting EA. The work of the Information Security team supports business by defining what good looks like from a security perspective, prioritizing innovative, security initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
What does a Security Specialist does at EA
This position works closely with the various EA business units and technology departments, and requires the ability to balance business needs with security and corporate standards. The successful candidate will provide the expertise required to provide effective high-quality and timely subject matter expertise, input, and guidance on Information Security. This role is ‘business facing’ and ‘consultative’ in nature as well as being ‘hands-on’ in terms of delivery. To that end, the successful candidate must demonstrate an aptitude toward building lasting partnerships, relationships and trust within EA’s business units and, at the same time, be equipped to talk with authority around a wide range of technical and procedural matters pertaining to Security and Risk Management.
Our next Security Specialist should have
The successful candidate will have extensive knowledge of technology offerings, including emerging technologies, and should have hands on experience in implementing and using technology and security platforms/solutions. The candidate will also be familiar with secure application architecture/design and development. This individual must be detail and process oriented, and must demonstrate problem-solving abilities. In addition, the candidate must have a strong security background with knowledge of current leading security practices.
A successful track record and of experience in technology and information security. Ideally, this experience would have been gained within an Online Services type environment. Media Entertainment or related verticals would be an advantage.
A proven track record of experience being responsible for reviewing, recommending, implementing, and supporting security solutions.
Demonstrated knowledge of recognized security industry standards and leading practices (e.g., PCI, OWASP, NIST, DISA, CIS, etc.)
Strong knowledge of network technologies and platforms (e.g., TCP/IP, routing protocols, subnet, VLAN, QoS, MPLS, access control list, firewall, router, switch, VPN, load balancer, network traffic analysis, IDS/IPS, proxy, etc.).
Strong knowledge of server and workstation technologies and platforms (e.g., Windows, Unix, Linux, Macs, etc.).
Strong knowledge of middleware technologies and platforms (e.g., databases, web server, application servers, etc.).
Strong knowledge of virtualization and cloud technologies, platforms, and services.
Strong knowledge of directory, identity, authentication, and access management technologies (e.g., AD, LDAP, SSO, AD FS, multi-factor authentication, TACACS+, Radius, etc.).
Broad knowledge of security technologies, solutions, and tools (e.g., encryption technologies, SIEM, DLP, AV, port scanners, vulnerability scanners, etc.).
A high level knowledge of physical security strategies, devices and deployment objectives.
Some experience with programming and scripting languages (e.g., PHP, .NET, Java, C, Perl, etc.).
Knowledge of the various application development platforms and secure application architecture/design and development
Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.).
Solid understanding of assessing and designing security controls in an enterprise-level environment.
Broad understanding of how to conduct risk assessments and the associated methodologies involved in risk mitigation and the presentation of this work.
Must be able to understand business strategies that are only defined on a conceptual level.
Exceptionally self-motivated, directed, detail-oriented with strong sense of ownership.
Ability to work independently and in a cross functional team.
Effectively interact with various internal departments to accomplish business goals; be able to influence culture and organizational change.
Must be able to learn, understand and apply new technologies.
Strong analytical and problem-solving abilities.
Excellent written and verbal communications skills.
Perform multiple critical assignments under stringent deadlines in a fast-paced, highly complex, and dynamic environment; able to adapt and react to project adjustments and alterations promptly and efficiently.
Bachelor’s degree in Computer Science or related fields.
Certifications in one or more of the following areas required: CISSP, CISM, GISO, GCIH
Serve as an information security advisor to our business and IT partners, establishing trust relationships through active engagement and collaboration.
Provide security thought leadership through establishing/defining what good looks like from a security perspective based on leading/common security practices and related work experience.
Shape business needs into solutions that enable the business in a secure manner.
Lead and assist in the evaluation, architecture, design, planning, implementation, and support of security solutions.
Provide guidance and architecture review of proposed security and business functions or practices.
Assess and communicate all security risks associated with any and all practices performed by the company.
Identifies security issues and provides the appropriate resolution or may make recommendations to Sr. Management on how escalated issues can be resolved.
Creatively and independently provide resolution to security problems in a cost-effective manner.
Produce written technical reports and/or develop presentations on security activities.
Participate in the creation of global security documents (policies, standards, baselines, guidelines and procedures), as well as the design and implementation of associated processes.
Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Remain informed on trends and issues in the security industry, including current and emerging technologies and regulatory and compliance issues. Advise, counsel, and educate executive and management teams on their relative importance.
Participate in the incident response process as necessary including investigating suspicious behaviour.
Participates in periodic information systems risk assessments.
What’s in it for you? Glad you asked!
We love to brag about our great perks like comprehensive health and benefit packages, match and more pension and of course, free video games. And since we realize it takes world-class people to make world-class games, we offer competitive compensation packages and a culture that thrives off of creativity and individuality. At EA, we live the “work hard/play hard” credo every day