Sr. Information Security Engineer

Headquartered in New York City, Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. The Company develops and publishes products principally through 2K, Rockstar Games, and Zynga. Our products are currently designed for console gaming systems, PC, and Mobile, including smartphones and tablets, and are delivered through physical retail, digital download, online platforms, and cloud streaming services. The Company’s common stock is publicly traded on NASDAQ under the symbol TTWO.

While our offices (physical and virtual) are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard and have fun. We believe our workplace is a great environment to pursue your passions.

In today’s highly interconnected digital ecosystem, managing cyber risks across the supply chain is essential to securing our enterprise. The increasing reliance on third-party software and service providers—coupled with the growing sophistication of supply chain-based cyber threats—requires a strategic, proactive approach to risk identification and mitigation.

That’s where you come in. We are seeking a seasoned Information Security Engineer to play a vital role in fortifying our end-to-end cyber supply chain security risk management efforts. In this role, you will assess and manage cyber risks associated with external partners, suppliers, platforms, and integrations—ensuring that our technology ecosystem remains resilient and compliant. You will collaborate closely with Label partners and information security engineering, product security, security operations, risk management and other information security teams to evaluate supplier security posture, monitor for cyber supply chain vulnerabilities, and implement robust risk mitigation strategies. Your efforts will directly support the business by enabling secure, reliable, and compliant supplier relationships across the enterprise.

• Conduct comprehensive cyber risk assessments on suppliers, vendors, and third-party service providers leveraging questionnaires and technical assessments.
• Evaluate and review technical integrations with third-party systems, services, and APIs/SDKs to ensure secure architecture and data flows, including verification of security configurations and controls.
• Collaborate with architecture, engineering, and Label-partner technical integration teams to assess risks introduced through direct and indirect system integrations and define security requirements for third-party contracts and security addendums.
• Collaborate with the C-SCRM Lead to develop and maintain a cyber supply chain cybersecurity risk management strategy aligned with industry standards (e.g., NIST SP 800-161, etc.), tailored to the Company's strategic objectives, and regularly updated based on evolving threats and regulations.
• Monitor and evaluate third-party risk indicators and threat intelligence relevant to cyber supply chain operations, including security ratings, vulnerability disclosures, and security incidents, potentially utilizing security monitoring tools and threat intelligence platforms.
• Recommend and define specific security requirements and guidelines for third-party connections, proposing controls and mitigation strategies for cyber supply chain risks, including compensating controls when necessary, and validating the implementation of these controls.
• Collaborate with internal teams during incident response scenarios involving cyber supply chain partners, including investigation, communication, and reporting, if needed.
• Track and report on supply chain cyber risks and control effectiveness to senior leadership through defined metrics and key performance indicators (KPIs) in a clear and concise manner, communicating risk findings and remediation efforts to relevant stakeholders.
• Stay updated on current threats, vulnerabilities, and regulatory changes impacting the cyber supply chain landscape through continuous learning, participation in industry forums, and professional development, and evaluate and recommend new tools and technologies for supply chain risk management.

• Bachelor’s degree in Information Security, Network Security, or Information Technology, or a related field (or equivalent work experience).
• 5+ years of experience in information security, risk management, or cyber supply chain security, with a strong understanding of cloud security principles (AWS, Azure, GCP).
• Strong understanding of information security risk assessment methodologies, particularly in the context of system and application integration, including experience with security assessment tools and techniques (e.g. vulnerability scanners, threat intelligence platforms, and knowledge of penetration testing methodologies).
• Familiarity with technologies and protocols commonly used in system-to-system communication (e.g., REST APIs, SAML/OAuth, secure data transfer mechanisms) and network security concepts.
• Knowledge of industry frameworks and standards such as NIST, CIS, and familiarity with data privacy regulations (e.g., GDPR, CCPA).
• Experience with third-party risk management platforms (e.g., BitSight, SecurityScorecard, RiskRecon) and exposure to GRC principles and platforms.
• Excellent analytical, communication (both written and verbal), including the ability to translate complex technical risks into business-understandable language.
• Demonstrated problem-solving and critical thinking abilities.
• Relevant professional certifications, including both broad cybersecurity credentials (e.g., CISSP) and hands-on technical certifications in defensive and offensive security (e.g., PJPT, Net+, PenTest+, CySA+), are highly desirable.

• Great Company Culture. Ranked as one of the most creative and innovative places to work, creativity, innovation, efficiency, diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success.
• Growth. As a global entertainment company, we pride ourselves on creating environments where employees are encouraged to be themselves, inquisitive, collaborative and to grow within and around the company.
• Work Hard, Play Hard. Our employees bond, blow-off steam, and flex some creative muscles – through corporate boot camp classes, company parties, game release events, monthly socials, and team challenges.
• Benefits. Medical, dental, vision, pension plan, employee stock purchase plan, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match and more!
• Perks. Fitness allowance, employee discount programs, free games & events, stocked pantries and more.

Take-Two Interactive Software, Inc. (“T2”) is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization. Employment at T2 is based on substantive ability, objective qualifications, and work ethic – not an individual’s race, creed, color, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process, and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Two’s in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a take2games.com email domain). If you need to report an issue or otherwise have questions, please contact Careers@take2games.com