Sr. Information Security Engineer New Toronto, Ontario, Canada

Headquartered in New York City, Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. The Company develops and publishes products principally through 2K, Rockstar Games, and Zynga. Our products are designed for console gaming systems, PC, and Mobile, including smartphones and tablets, and are delivered through physical retail, digital download, online platforms, and cloud streaming services. The Company’s common stock is publicly traded on NASDAQ under the symbol TTWO.

Our offices (physical and virtual) foster a casual and inviting environment, emphasizing creativity, innovation, efficiency, and individual and team development. The industry is fast-paced and continually evolving, offering numerous opportunities for growth. We work hard and have fun, believing our workplace is a great environment to pursue your passions.

Managing cyber risks across the supply chain is crucial in today’s interconnected digital ecosystem. The reliance on third-party software and service providers, along with sophisticated supply chain cyber threats, necessitates a strategic and proactive approach to risk management.

We seek a seasoned Information Security Engineer to strengthen our cyber supply chain security efforts. You will assess and manage cyber risks related to external partners, suppliers, platforms, and integrations, ensuring our technology ecosystem remains resilient and compliant. Collaboration with various security teams will be essential to evaluate supplier security, monitor vulnerabilities, and implement risk mitigation strategies, supporting secure and reliable supplier relationships.

1. Conduct cyber risk assessments on suppliers, vendors, and third-party providers using questionnaires and technical assessments.
2. Review technical integrations with third-party systems, APIs/SDKs for secure architecture and data flow, including security configurations.
3. Work with architecture and engineering teams to assess risks from system integrations and define security requirements for third-party contracts.
4. Develop and maintain a cyber supply chain risk management strategy aligned with industry standards (e.g., NIST SP 800-161), updating regularly based on threats and regulations.
5. Monitor third-party risk indicators and threat intelligence, utilizing security tools and platforms.
6. Define security requirements and controls for third-party connections, including controls validation.
7. Participate in incident response involving supply chain partners, including investigation and reporting.
8. Report on cyber risks and control effectiveness to senior leadership with clear metrics and KPIs.
9. Stay updated on threats, vulnerabilities, and regulations affecting the cyber supply chain, recommending new tools and technologies.

• Bachelor’s degree in Information Security, Network Security, IT, or equivalent experience.
• 5+ years in information security, risk management, or cyber supply chain security, with cloud security knowledge (AWS, Azure, GCP).
• Experience with risk assessment methodologies and security assessment tools.
• Knowledge of system communication protocols (REST APIs, SAML/OAuth) and network security.
• Familiarity with industry standards (NIST, CIS) and data privacy laws (GDPR, CCPA).
• Experience with risk management platforms (BitSight, SecurityScorecard, RiskRecon).
• Strong analytical and communication skills, with ability to translate technical risks into business terms.
• Problem-solving and critical thinking skills.
• Relevant certifications (e.g., CISSP, PenTest+, CySA+) are highly desirable.

• Innovative company culture emphasizing creativity, diversity, and growth.
• Opportunities for professional development and advancement.
• Engaging work environment with social and team-building activities.
• Comprehensive benefits including health plans, pension, stock purchase, wellness programs, and more.
• Perks such as fitness allowances, employee discounts, and free events.

Take-Two Interactive is an equal opportunity employer committed to diversity and inclusion. Employment decisions are based on ability and qualifications, not on race, gender, or other protected characteristics.

Note: We do not conduct interviews via third-party messaging apps or request financial information through unofficial channels. Contact us only through official company email addresses.