THE ROLE
We are seeking a highly motivated and detail-oriented Senior Director to join our cybersecurity team and lead our Defect Management Team, which specializes in Penetration Testing, Vulnerability Management and resolution of defects.
Reporting to the Vice President, Governance, Risk and Compliance (GRC), you will play a crucial role in identifying, evaluating, and mitigating security risks associated with vulnerabilities and defects throughout the LNE organization. You will lead a team of multidisciplinary professionals and work closely with cross-functional teams across geographical regions to ensure that vulnerabilities are effectively prioritized, remediated, and monitored, thereby protecting the organization’s assets and sensitive data. As a part of this role, the candidate will be required to clearly and effectively communicate the business impact and urgency of security defects, while closely following the defined risk management process.
This position is also responsible for defining the expected outcomes of and reporting metrics for Defect Management across the Live Nation Entertainment enterprise, ensuring high-quality configuration and defect remediation.
WHAT THIS ROLE WILL DO
- Develop, lead, and manage a high-performing security team of multiple skill sets across multiple locations
- Enhance the Defect Management Framework, ensuring Compliance, Regulatory, and best practices are at its core
- Cultivate the strategic direction, training, and evolution of the team to remain highly effective at various aspects of Cyber Security engagement
- Proactively research and communicate emerging security threats through technical knowledge of the environments we operate in
- Conduct hands-on technical security awareness training for software architects and development groups
- Foster effective teamwork, communication, collaboration, and commitment across multiple disparate groups with competing priorities
- Empower the team, lead by example, and mentor all levels of competency
- Champion improvements to internal programs and processes
- Engage in threat modelling, security design reviews, infrastructure penetration testing, and security issue remediation verification
- Work with application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process. The goal is to inject a security mindset throughout the full SDLC from concept to testing and implementation.
WHAT THIS PERSON WILL BRING
- 10+ years of experience working in a technical security position, penetration testing, information security hardening technologies and techniques or similar background
- 5+ years of experience in Cyber Security related domains, with knowledge of security fundamentals, application vulnerabilities, attack vectors, penetration testing methodologies, and tools
- 5+ years of experience driving Information Security initiatives across large diverse organizations
- 5+ years of experience communicating with a wide range of technical & non-technical partners and senior leadership
- Proficiency working with recognized IT Security-related standards and technologies
- Training in Information Security-specific disciplines
- Advanced written and verbal communication skills
- Knowledge of information security standards, rules, and regulations related to information security and data confidentiality, and desktop, server, application, database, and network security principles for risk identification and analysis
- Experience with performing all elements of penetration testing and system exploitation against applications, APIs, Web, Mobile, and Modern Infrastructure (Containers, Microservices, Serverless etc.)
- Experience with conducting penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premises systems
- Track record of building and growing talent with experience building and effectively managing large and diverse teams, and putting the appropriate processes and infrastructure in place to drive growth within a successful company
- Ability to identify, attract, hire, develop, and retain the best security professionals needed to staff a world class organization and ensure they have the vision, plan, support, and culture in place to deliver impact.
- Ethical character with ability to keep information confidential
- Technical knowledge of adversary Tactics, Techniques, and Procedures (TTPs)
- Understanding of common software security issues and remediation techniques (CISA KEV, OWASP Top 10, SANS 25, MITRE, etc.)
- Domain expert on the threat landscape and innovative security strategies and products
- Ability to work in large global environments spanning multiple time zones
BENEFITS & PERKS
Our motto is ‘Taking Care of Our Own’ through 6 pillars of benefits:
- HEALTH: Medical, vision, dental and mental health benefits for you and your family, with access to a health care concierge, and Flexible or Health Savings Accounts (FSA or HSA)
- YOURSELF: Free concert tickets, generous paid time off including paid holidays, sick time, and personal days
- WEALTH: 401(k) program with company match, stock reimbursement program
- FAMILY: New parent programs including caregiver leave and baby bonuses, plus fertility, adoption, foster, or surrogacy support
- CAREER: Career and skill development programs with School of Live, tuition reimbursement, and student loan repayment
- OTHERS: Volunteer time off, crowdfunding match