Vice President - Security / Head of Security

Posted Date:1/31/2018 1:27:34 PM
Job Type: Full Time
Req #: JR-11304
Location: Hollywood, CA
Job Category:Engineering

Job Summary:

Who we are.
We’re fans who help fans everywhere get in to the live events they love.  A proud division of Live Nation Entertainment, Ticketmaster has changed the way the world connects with their favorite artists, teams, and shows, and we continue to shape innovation every day. We’re not just selling tickets (though we do that better than anyone else), we’re enriching lives one amazing experience at a time. And we think that’s pretty amazing. If you’re passionate about the magic of live entertainment like we are, and you want to work at a company dedicated to helping millions of fans experience it, we want to hear from you.

Why you should work with us.
Our biggest investment is in our people. We offer comprehensive health benefits and 401k matching, student loan assistance, plus career-boosting opportunities like tuition reimbursement and targeted development sessions to help all eligible employees thrive. At Ticketmaster, expect the fast-paced excitement of a startup with the rock-solid support from an industry leader – with plenty of ticket perks on the side.

See what it’s like working at Ticketmaster.

The Role:

As our leader of Technology Security you will play a key hands on role in setting up the foundation of our infrastructure security team by building out the strategy, process, technology, resources and team that will drive the design, and implementation of enterprise infrastructure security architectures and solutions supporting the worldwide technology efforts of Ticketmaster.  You will take a lead role in recommending courses of action to mitigate security vulnerabilities and threats to our products and web services.  Leveraging your broad and deep understanding of technical concepts, you will lead a team that will troubleshoot and resolve security vulnerabilities and remediation related issues.  Provide in depth analysis to propose and implement changes aimed at continuous system-wide improvements.   You will be one of our security experts in application development, database design, network and platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. 

Key Responsibilities:

  • Update, prepare and document standard operating procedures and protocols.
  • Manage information security infrastructure e.g. malware protection, web layer protection, firewalls, patching and data leakage protection.\
  • Perform firewall acl reviews and execute acl best practices and any necessary remediation.
  • Perform audits and recommendations of network perimeter hardware, software, protocols and processes.
  • Collaborate with Information Security team in developing technical solutions and new security tools to help mitigate security risks and vulnerabilities and automate repeatable tasks.
  • Lead security tool development: researching, planning, and implementing new tool features to make security tools more effective.
  • Triage security vulnerabilities and execute risk mitigation actions.
  • Automate collection of software inventory for existing and new instances.
  • Develop and maintain custom software tools/scripts to automate repetitive tasks, generate operational reports and improve self-service capabilities for desktop, server and network engineers.
  • Draft user communication and issue email notifications to key stakeholders and the user community regarding environment changes, patches, and outages, both planned and unplanned.
  • Assists with interpretation of information security policies, standards, and other requirements as they relate to specific internal and externally hosted IT systems and assists internal and external technology teams in the implementation of information security requirements.
  • Recommends security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Participates in ensuring that IT Security controls meet the requirements of all regulatory requirements or contractual requirements; PCI (Payment Card Industry) Security Standards, state and federal Privacy law, Sarbanes Oxley Act (SOX), HIPAA, etc.
  • Assists in the designing and engineering of internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability
  • Serves as an active member of incident response teams and participates in security incident response efforts by having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures. Acts as a technical consultant on information security incident investigations and forensic technical analyses.

What a qualified candidate should possess:

  • Bachelor’s degree in computer science or related technology degree, or equivalent experience in related field required
  • 10+ years of experience in an IT environment, with experience leading enterprise security architecture teams and managing and providing technical leadership for complex enterprise security projects.
  • In-depth internal control knowledge of core IT technologies and processes (e.g., network systems, operating systems databases, change control tools and processes, computer system operations, application and system development, help desk and monitoring, information security, data backup/retention/recovery, IT vendor management, asset management, disaster recovery, etc.)
  • Advanced technical capabilities in a wide array of platforms and systems (e.g., VMware, Windows, UNIX, SQL, etc.).
  • Knowledge of IT infrastructure, platform and data security architectures, and best practices; 
  • Knowledge on threat landscape, security threat and vulnerability management, as well as security monitoring and analytics; 
  • Knowledge in compliance frameworks and requirements such as HITRUST, PCI, HIPAA, SOX, etc.
  • Proficiency working with recognized IT and Information Security-related standards and technologies.
  • Knowledge of industry business drivers and direction for a wide range of Technologies 
  • Demonstrated ability to perform a risk-based approach to securing applications, databases, or infrastructure
  • Demonstrated ‘big picture’ thinking – the ability to see how parts interact with the whole while retaining the ability to focus on security domain capabilities; 
  • Deep familiarity with PCI/DSS, SSAE16, SOX, and GDPR compliance
  • Experience completing level 1 PCI audit compliance
  • Familiarity with network segmentation, NAT/PAT translations, DMZ zoning
  • Experience balancing Administrative access controls against functional management requirements
  • Familiarity with CI/CD pipelines and their use for secure production access control
  • Understanding of vulnerability scanning in a dynamically scaling environment
  • Understanding of security implications of containers and container orchestration
  • Foundational background in either Systems Engineering or Network Engineering

Equal Employment Opportunity
Ticketmaster strongly supports equal employment opportunity for all applicants regardless of age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), family and medical care leave or the denial of family and medical care leave, mental or physical disability (including HIV and AIDS), marital status, domestic partner status, medical condition (including cancer and genetic characteristics), genetic information, military and veteran status, political affiliation, national origin (including language use restrictions), citizenship, race, sex (including pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, and gender expression, sexual orientation, or any other basis protected by applicable federal, state or local law, rule, ordinance or regulation. 

We will consider qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Ordinance, for applicants in Los Angeles, California, and consistent with applicable laws in other areas.

Hiring Practices
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Ticketmaster recruitment policies are designed to place the most highly qualified persons available in a timely and efficient manner. Ticketmaster may pursue all avenues available, including promotion from within, employee referrals, outside advertising, employment agencies, internet recruiting, job fairs, college recruiting and search firms.

Link for schema