Sony Pictures Entertainment, Inc
Governance, Risk & Compliance Trainee, Information Security - Spring 2025
Sony Pictures Entertainment, Inc, Culver City, California, United States, 90232
Our Emerging Talent Programs, which includes Interns, Trainees, and Finance Rotational Associates, offer unique opportunities for students, recent graduates, and emerging talent to work alongside the teams that come together to create movies, TV shows, and other great experiences. These seasonal, paid assignments provide meaningful and productive work that allows you to build on your experience and develop your skills further. You will be provided with challenging tasks, real-world experience, and many educational and social networking opportunities.This Spring Trainee position is from January through May 30th (start and end dates are flexible based on your schedule) and all candidates must be able to work 40 hours a week, Monday through Friday in the specified location. This type of opportunity will jump-start your career and prepare you for a career in the desired field. This is not a remote role. A hybrid work option may or may not be available.DEPARTMENT DESCRIPTION:The SPE Information Security Team protects SPE stories across every stage of production and operations, from conception to distribution and beyond. Our goal is to be the best in the business, with a keen focus on developing and maintaining an industry reputation for managing information and creative assets responsibly, safely, and securely. The team consists of six key functions, which include Governance, Risk, and Compliance (GRC), Training & Awareness, Production Security, Security Architecture & Engineering, Incident Response & Threat Management, and Data Analytics. We have a defined roadmap to develop, implement, and cultivate mechanisms to make security risks visible across all SPE businesses, respond to incidents quickly, extend the culture of security, and most importantly, inspire our team for innovation and career growth.RESPONSIBILITIES:Risk and Compliance Reporting:
Support reporting maturity initiatives to enhance reporting content and delivery based on business-specific risks and support the development of management presentations as needed.
Policy and Framework Compliance:
Support in assessing and documenting SPE’s adherence to Sony corporate policies, ISO 27001, PCI DSS, and other obligations.
Policy Exception Management:
Support the triage of information security-related policy exceptions, monitor the expired exceptions backlog, and help Information Security meet or exceed target SLAs.
Continuous Improvement:
Identify and deliver opportunities to increase the overall efficiency and effectiveness of GRC workflows.
Learning:
Learn and be curious about the latest information security-related industry risk and compliance frameworks, share your learnings with the broader Information Security team, and support departmental initiatives to improve SPE's overall security posture.
QUALIFICATIONS:Bachelor's degree in Computer Science, Information Security, or a related field.
At least one year of work experience in information technology, security, and/or IT compliance.
Passion for protecting the confidentiality, availability, and integrity of sensitive assets and data.
PREFERRED QUALIFICATIONS:Relevant certifications or pursuing CISA, CISM, CSSP, or equivalent certifications.
Experience in managing projects from inception to completion.Experience in facilitating meetings, effective verbal and written communication, and collaboration with all levels of an organization.
#J-18808-Ljbffr
Support reporting maturity initiatives to enhance reporting content and delivery based on business-specific risks and support the development of management presentations as needed.
Policy and Framework Compliance:
Support in assessing and documenting SPE’s adherence to Sony corporate policies, ISO 27001, PCI DSS, and other obligations.
Policy Exception Management:
Support the triage of information security-related policy exceptions, monitor the expired exceptions backlog, and help Information Security meet or exceed target SLAs.
Continuous Improvement:
Identify and deliver opportunities to increase the overall efficiency and effectiveness of GRC workflows.
Learning:
Learn and be curious about the latest information security-related industry risk and compliance frameworks, share your learnings with the broader Information Security team, and support departmental initiatives to improve SPE's overall security posture.
QUALIFICATIONS:Bachelor's degree in Computer Science, Information Security, or a related field.
At least one year of work experience in information technology, security, and/or IT compliance.
Passion for protecting the confidentiality, availability, and integrity of sensitive assets and data.
PREFERRED QUALIFICATIONS:Relevant certifications or pursuing CISA, CISM, CSSP, or equivalent certifications.
Experience in managing projects from inception to completion.Experience in facilitating meetings, effective verbal and written communication, and collaboration with all levels of an organization.
#J-18808-Ljbffr