Senior Information Security Risk Analyst
Who We Are
Headquartered in New York City, Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. The Company develops and publishes products principally through Rockstar Games, 2K, Private Division, and Zynga. Our products are currently designed for console gaming systems, PC, and Mobile, including smartphones and tablets, and are delivered through physical retail, digital download, online platforms, and cloud streaming services. The Company’s common stock is publicly traded on NASDAQ under the symbol TTWO.
While our offices (physical and virtual) are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard, but we also like to have fun, and believe that we provide a great place to come to work each day to pursue your passions.
The Information Security Risk Management team at Take-Two Interactive (T2) is an aspiring, hard working and collaborative group which works together to mature the security posture of T2 and its labels, Rockstar, 2K and Zynga. The team is looking for a Senior Information Security Risk Analyst to help manage the internal and external Information Technology (IT) risks for the organization. The analyst will assist with planning, organizing, coordinating, and performing risk assessments to identify key controls, critical risks, action plans, and recommendations.The candidate must be able to build working relationships and drive change with various levels of management on an enterprise scale, and be able to articulate how risk assessment results translate to business risk for the organization.
What You’ll Take On
- Manage the development, implementation and maturity of the Information Security (IS) risk management program.
- Lead, plan and manage the execution and delivery of risk-based cyber assessments, which may include vendors, IT applications, IT infrastructure, and IT operational process reviews, IT governance & strategy design assessments, and SOX compliance related activities.
- Communicate, track and provide guidance on remediation activities of identified security and gaps to internal (i.e., T2 business units, labels, studios) and external parties (i.e., vendors, partners).
- Prepare deliverables, reports, for review by the risk management and senior leadership that include issues, trends and other micro/macro level risks identified through the execution of IT internal control work and other assurance-related activities.
- Define and capture metrics that measure effectiveness of the overall information security program and report them to the management.
- Contribute "best practices" in terms of findings, checklists, templates, testing methods, and techniques to support and advance the risk management program.
- Serve as a trusted advisor and consultant between T2 information security and labels on internal and external information security audit requests (i.e., SOX, external compliance audits).
- Ensure compliance with information security policies and standards.
- Assist junior members of the team and perform quality review of their work.
- Oversee the design, implementation and operation of an IT Governance, Risk and Compliance (GRC) solution.
- Support T2 and labels on development and implementation of GRC workflows to meet business objectives.
- Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting T2 and labels.
- Performs other duties as assigned.
What You Bring
- Have a heart of serving, a desire to learn, and an ego in check
- 5+ years of experience in IT risk management, IT governance, or internal controls.
- Bachelor’s degree in Business Management, Risk Management, Computer Science, or equivalent job experience.
- In-depth understanding of core information technology processes and controls.
- Experience in supporting, analyzing with use of risk scoring, managing, communicating and acting as a primary resource for risk reviews (new and ongoing).
- In-depth experience with information security related work (e.g., implemented and/or conducted audits or assessments based on relevant security control frameworks), and have experience with security standards such as CIS, NIST CSF, or ISO 27001.
- Experience in leading information security, vendor or cloud security risk assessments.
- Experience with Governance, Risk, and Compliance (GRC) and vendor risk management tools.
- Industry recognized certifications within the domains of information security (e.g., CISSP, GIAC, CISA, etc.) are plus.
- Excellent verbal and written communication, planning, analysis and organizing skills.
- Articulate communicator, demonstrating mastery of both spoken and written English, with the ability to tailor deliverables appropriately for audiences ranging from technical individual contributors to senior executives
- Strong project management skills with an ability to manage and report on multiple concurrent projects.
- Strong critical thinking skills; ability to quickly comprehend problems, develop hypotheses, draw logical conclusions, develop solutions, and respond accordingly
What We Offer You
- Great Company Culture. Ranked as one of the most creative and innovative places to work, creativity, innovation, efficiency, diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success.
- Growth: As a global entertainment company, we pride ourselves on creating environments where employees are encouraged to be themselves, inquisitive, collaborative and to grow within and around the company.
- Work Hard, Play Hard. Our employees bond, blow-off steam, and flex some creative muscles – through corporate boot camp classes, company parties, game release events, monthly socials, and team challenges.
- Benefits. Medical (HSA & FSA), dental, vision, 401(k) with company match, employee stock purchase plan, commuter benefits, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match and more!
- Perks. Fitness allowance, employee discount programs, free games & events, stocked pantries and the ability to earn up to $500+ per year for taking care of yourself and more!
Take-Two Interactive Software, Inc. (“T2”) is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization. Employment at T2 is based on substantive ability, objective qualifications, and work ethic – not an individual’s race, creed, color, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.
The pay range for this position in New York City at the start of employment is expected to be between $100,000 and $150,000 per Year. However, base pay offered is based on market location, and may vary further depending on individualized factors for job candidates, such as job-related knowledge, skills, experience, and other objective business considerations. Subject to those same considerations, the total compensation package for this position may also include other elements, including a bonus and/or equity awards, in addition to a full range of medical, financial, and/or other benefits. Details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an 'at-will position' and the company reserves the right to modify base salary (as well as any other discretionary payment or compensation or benefit program) at any time, including for reasons related to individual performance, company or individual department/team performance, and market factors.