Vice President, Information Technology and Security

The Motion Picture Association of America is an American trade association that represents the six major Hollywood studios.

**Management and Leadership** - Develop strong working relationships with technology and business partners across a global organization that are impacted by the capture, storage, processing, dissemination and security of information. - Influence vendor and application selection through analysis of technology and - Provide training and leadership as well as manage IT and IS teams composed of internal and external resources - Review and approve major contracts - Serve on planning and policy making committees **Information Technology** - Direct and manage computing and information technology strategic plans, policies, programs and project schedules and ensure all network, application, and infrastructure capabilities are responsive to the needs of the organization’s growth and objectives - Advise senior management on strategic systems conversions and integrations in support of business goals - Oversee the development, design and implementation of new applications and changes to existing computer systems and software packages - Responsible for the development, review and certification of all back up and disaster recovery procedures and plans **Application Security** - Continue to build and enhance secure application design and development policies and practices - Conduct application assessments (design reviews, pen tests, code reviews) and lead implementation of associated application security technologies - Ensure that security assessments are performed in a timely fashion, findings are handled appropriately, and resources are utilized effectively - Enhance technical operational procedures to improve efficiency of the assessment process - Maintain centralized repository of application security pentest results and remediation plans **National and International Security** - Partner with all global offices to assess the technical and security needs of internal systems and services - Develop and maintain security policies and procedures including, but not limited to, incident response plans, business continuity plans, etc. - Lead the implementation and operation of security services such as vulnerability assessment, threat monitoring and incident response - Coordinate and liaise with Legal teams to support operational, legal, and regulatory requirements such as EU Data Privacy, Safe Harbor, PII, etc. **Information Security Awareness** - Drive strategy for security incident management and identify opportunities to improve visibility and sophistication of response capability - Implement organization-wide security awareness initiatives and provide timely information to employees and leadership regarding new and emerging threats - Work with relevant stakeholders to develop IT security policies and controls - Collaborate with all teams to communicate and enforce security controls **Security Architecture** - Continue to enhance the monitoring, instrumentation, and other technology and security capabilities of applications - Review and approve application design and architecture from an information security perspective - Create technical standards to guide engineering teams on installation and configuration of new technologies toward adoption of best practices and in compliance with existing policies and standards - Liaise with vendors that are providing technical infrastructure (IaaS, PaaS, SaaS) to ensure security practices and technologies are in line with MPAA’s standards and practices **Risk Governance** - Lead the responsibility for risk governance activities

- Minimum of 8 to 10 years of IT leadership experience with a minimum of 4 years in IT security - Minimum of 5 years’ experience managing internal talent, as well as 3rd party consultants - Strong analytical, communication, presentation and collaboration skills - Understanding of application design and development and ability to read and understand code - Strong information security architecture design and implementation skills - Strong understanding of and direct experience with application security topics, including application security assessments, OWASP top 10 and PII use in applications - Experience assessing security of custom built applications and SaaS/Cloud applications and services - Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies - In-depth knowledge of TCP/IP networking and protocols - Strong understanding of a wide variety of attacks such as cross-site scripting, network intrusions, malicious emails, web-based attacks, malware and botnet infections - Experience with international security requirements (EU Data Privacy, Safe Harbor, PII, data transfer, etc.) is required - Strong knowledge of network infrastructure, routing, switching, servers, clients, and mobile computing **Education and Skills** - BA/BS in Computer Science or related discipline required, - Advance degree preferred - Certifications such as MCSE, CCNA, CCIE, CISSP, CISM, GIAC, CEH preferred