Senior Director, Defect Management

THE ROLE

We are seeking a highly motivated and detail-oriented Senior Director to Lead our Defect Management Team specializing in Penetration Testing, Vulnerability Management and resolution of defects, to join our cybersecurity team.

Reporting to the Vice President, Governance, Risk and Compliance (GRC), you will play a crucial role in identifying, evaluating, and mitigating security risks associated with vulnerabilities and defects throughout the LNE organization. You will lead a team of multidisciplinary professionals and work closely with cross-functional teams across geographical regions to ensure that vulnerabilities are effectively prioritized, remediated, and monitored, thereby protecting the organization’s assets and sensitive data. As a part of this role, the candidate will be required to clearly and effectively communicate the business impact and urgency of security defects, while closely following the defined risk management process.

This position is also responsible for defining the expected outcomes of and reporting metrics for Defect Management across the Live Nation Entertainment enterprise, ensuring high quality configuration and defect remediation.

WHAT THIS ROLE WILL DO

Develop, lead, and manage a high-performing security team of multiple skill sets across multiple locations

Enhance the Defect Management Framework, ensuring Compliance, Regulatory, and best practices is at its core

Cultivate the strategic direction, training, and evolution of the team to remain highly effective at various aspects of Cyber Security engagement

Proactively research and communicate emerging security threats through technical knowledge of the environments we operate in

Conduct hands-on technical security awareness training for software architects and development groups.

Foster effective teamwork, communication, collaboration, and commitment across multiple disparate groups with competing priorities

Empower the team, lead by example, and mentor all levels of competency

Champion improvements to internal programs and processes

Engage in threat modelling, security design reviews, infrastructure penetration testing, and security issue remediation verification

Work with application teams’ enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process. The goal is to inject a security mindset throughout the full SDLC from concept to testing and implementation.

WHAT THIS PERSON WILL BRING

10+ years of experience working in a technical security position, penetration testing, information security hardening technologies and techniques or similar background

5+ years of experience in Cyber Security related domains, with knowledge of security fundamentals, application vulnerabilities, attack vectors, penetration testing methodologies, and tools

5+ years of experience driving Information Security initiatives across large diverse organizations

5+ years of experience communicating with a wide range of technical & non-technical partners and senior leadership

Proficiency working with recognized IT Security-related standards and technologies

Training in Information Security-specific disciplines

Advanced written and verbal communication skills

Knowledge of information security standards, rules, and regulations related to information security and data confidentiality, and desktop, server, application, database, and network security principles for risk identification and analysis

Experience with performing all elements of penetration testing and system exploitation against applications, APIs, Web, Mobile, and Modern Infrastructure (Containers, Microservices, Serverless etc.)

Experience with conducting penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premises systems

Track record of building and growing talent with experience building and effectively managing large and diverse teams, and putting the appropriate processes and infrastructure in place to drive growth within a successful company

Ability to identify, attract, hire, develop, and retain the best security professionals needed to staff a world class organization and ensure they have the vision, plan, support, and culture in place to deliver impact.

Ethical character with ability to keep information confidential

Technical knowledge of adversary Tactics, Techniques, and Procedures (TTPs)

Understanding of common software security issues and remediation techniques (CISA KEV, OWASP Top 10, SANS 25, MITRE, etc.)

Domain expert on the threat landscape and innovative security strategies and products

Ability to work in large global environments spanning multiple time zones

BENEFITS & PERKS

Our motto is ‘Taking Care of Our Own’ through 6 pillars of benefits :

HEALTH : Medical, vision, dental and mental health benefits for you and your family, with access to a health care concierge, and Flexible or Health Savings Accounts (FSA or HSA)

YOURSELF : Free concert tickets, generous paid time off including paid holidays, sick time, and personal days

WEALTH : 401(k) program with company match, stock reimbursement program

FAMILY : New parent programs including caregiver leave and baby bonuses, plus fertility, adoption, foster, or surrogacy support

CAREER : Career and skill development programs with School of Live, tuition reimbursement, and student loan repayment

OTHERS : Volunteer time off, crowdfunding match