- United States
- Date Posted: Aug. 31, 2021
- Business Intelligence
At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you’ll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.
You will work as a key member of the Enterprise Cybersecurity team to ensure that Sonos’ leadership, staff, policies, processes, practices, and technologies provide oversight, management, measurement, and course correction for all cybersecurity activities, and that risk is mitigated proportionate to the company’s risk tolerance. In doing so, you will be helping to protect customers and enable Sonos to continue to deliver delightful sound experiences to our customers worldwide.
What You’ll Do
- Establish, build, and maintain Sonos’ cybersecurity risk management framework, provide actionable insight to Sonos leadership, and drive strategic cybersecurity risk management initiatives across the company.
- Manage and provide oversight of Sonos’ cybersecurity posture to ensure that cybersecurity risk is identified, understood, analyzed, and suitably mitigated.
- Develop, maintain, and evaluate security policies and procedures, and work with engineering and operations teams to help ensure system controls create desired security outcomes.
- Work with security operations and engineering teams to define requirements and processes to drive focus, visibility, and accountability at scale for security policy compliance across Sonos.
What You’ll Need
- 9+ years of experience in cybersecurity incident response, identity and security operations, cybersecurity risk management, or similar.
- Experience in driving strategic, durable, and positive cybersecurity outcomes in response to security incident learnings or risk management activities.
- Demonstrated knowledge of cybersecurity risk management standards, such as ISO/IEC 27001 or similar.
- The ability to maintain a professional approach and organize your work and that of others while under pressure.
- The ability to communicate both complex technical and business issues to a wide range of audiences, verbally and in writing.
- Knowledge of one or more information technology-related fields, including cloud services, authentication, PKI, system administration, software development, networking, or security architecture.
- Working knowledge of a range of security-related subjects such as threat hunting, threat modeling, digital forensics, reverse engineering, phishing, and penetration testing.