At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies – we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production’s best ally every step of the way. #OneCastOneCrew
About Cast & Crew
We grew from a modest small business in 1976 to be the premiere provider of entertainment technology and solutions, staying true to our mission of modernizing content production and leading the digital transformation within the industry. Our cloud-based solutions and industry expertise help streamline the entire production lifecycle and have revolutionized how content is made. We now have a global workforce across a host of storied brands, spanning all areas of produced and live entertainment, from film, television, streaming, to advertising, live events, and short-form.
Information Security Risk Analyst
Regular Full-Time
Position Overview:
The Information Security Risk Analyst is responsible for assessing all information risks and facilitating remediation of identified vulnerabilities for the Information Security Office and IT risk across the enterprise. This highly analytical individual will be responsible for leading program maturity efforts and initiatives in collaboration with operations and engineering departments.
The Information Security Risk Analyst should have experience with risk and compliance tools, audits including SOC 1 and SOC 2, and vulnerability remediation. A desire to innovate and stay current on security technologies is also required.
Core Responsibilities
- Participating in risk assessments and audits by collecting and analyzing documentation, statistics, evidence, and reports.
- Developing and maintaining security documentation such as policies, standards, and procedures
- Establishing policies and procedures to identify and address risks in the organizations services and departments.
- Information gathering and interviewing of internal resources to complete third-party security questionnaires.
- Leading third-party vendor assessments utilizing risk-scoring tools.
- Maintaining internal risk scores by managing vulnerability remediation.
- Advising internal lines of business, IT partners, and 3rd parties on how to remediate technical security issues and verify remediation activities.
- Reviewing and assessing risk management policies and protocols; making recommendations and implementing modifications and improvements.
- Monitoring and reporting on internal control effectiveness.
- Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.
- Reviewing and analyzing metrics and data such as vulnerability scan reports and cybersecurity risk scoring tools.
- Drafting and presenting risk reports and proposals to executive leadership and senior staff.
- Performing other duties as directed
Key Qualifications
Total experience of 5+ years in Information Security with experience in the following:
- Audits and risk management
- Third-party security assessments
- Documentation and creation of policies, procedures, and runbooks
- Vulnerability remediation
Communications:
- Excellent oral communication skills and is comfortable in group or small team settings
- Excellent written communication skills
- Ability to take highly technical material and present\communicate it to a non-technical audience
Relationship Building:
- Builds excellent working relations with all IT colleagues and users, works effectively with department and executive management, and maintains a professional relationship with outside clients
Planning, Organizing, Prioritizing, Delivering:
- Exhibits mature organization and time management skills
- Excellent problem-solving skills
- Excellent documentation, communications, and interpersonal skills.
- Effectively plans and organizes daily work following priorities set by the Security manager and help desk tickets when appropriate
- Demonstrates strong follow-up and follow-through skills in ensuring timely completion of projects
- Self-starter who actively takes responsibility to resolve technical problems but also knows when to ask questions to avoid major delays in delivery of work product
Knowledge of:
- Vulnerability scanners and risk-scoring tools
- Audits including SOC 1 type 2, SOC 2 type 2, and internal audits
- Risk management best practices
- Information gathering and reporting
- Experience implementing and supporting security technology such as risk management, GRC, and vulnerability management tools
Skill In:
- Using commercial and open-source risk management, GRC, and security tools
- Knowledge of auditing best practices
- Advising on vulnerability remediation
- Writing technical documentation
- Communicating risk management needs to other departments and management
- Working as part of a team
- Experience in the Entertainment Industry is a plus
Preferred Qualifications
One or more of the following certifications is preferred:
- CISSP
- CRISC
- Vendor Certifications (e.g., AWS/Azure)
- GIAC/ GSEC
- CISA
Special Work Conditions
- Sedentary - Involves sitting most of the time but may involve walking or standing for brief periods of time. Some positions may entail exerting up to 30 lbs. of force occasionally and/or a negligible amount of force to lift, carry, push, or pull.
Benefits
Cast & Crew provides a comprehensive package of employee benefits including: Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more! Note: Cast & Crew benefits are subject to eligibility requirements.
Due to the high volume of applicants, it is likely that only shortlisted candidates will be contacted.
CA residents: Your personal information may be collected in connection with certain services provided by Cast & Crew or its affiliated companies. A summary of your California privacy rights can be found at: https://www.castandcrew.com/privacy-policy/
Cast & Crew is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.
