Senior Information Security Technical Program Manager: Technical Security Audit and Risk Management

The opportunity

Unity understands the significance of a solid Security Program. The Security Program is key to maintaining customer confidence in our products and is the pathway to a well-tuned, functional Information Security Management System, Compliance and Program. This will be a chance to work on real security problems in a fast-paced high growth business. The person in this role will be at the helm of critical security risk and compliance projects with major impact across the company. You will help Unity to obtain and maintain applicable security certifications. You will have input into the overall security strategy to guide our security policy and architecture in addition to driving security awareness and compliance across the business units.

What you'll be doing

• Driving Technical audits and implementation of audit and control framework to monitor production environments for potential system integrity, cyber-risk exposure and control weaknesses
• Perform security gap analysis and help define specific/technical remediation measures.
• End-to-end project and program management : Manage audit and/or remediation projects. Produce high-quality deliverables, project material and audit documentation that are suitable for engineering teams, external stakeholders and auditors.
• Guide and work with engineering and DevOps as they execute on risk remediation and novel solutions Work day-to-day with technical Security engineers and collaborate with them for driving project progress and resolving blockers
• Be responsible for reporting on these projects to senior leadership. Effectively communicate not only with peers, engineers , devops, business development stakeholders, but also with VP and execs.
• Operate and lead initiatives within a distributed team and collaborate with colleagues both local and remote, cross functionally and within your department. Stay updated on the latest industry trends and technologies to keep our services cutting-edge.

What we're looking for

• Experience driving compliance or audit engagements (eg SOX or SOC 2 or PCI or ISO 27001). Experience conducting risk assessment on products and applications (in-house and/or third-party) to inculcate better security using NIST or Similar compliance frameworks..
• Experience working on cloud service providers such as AWS/GCP/AZURE, and knowledge of cloud services and infrastructure
• Experience in Vulnerability management ( Qualys/ORCA etc), Security Operations ( Logging and monitoring, SIEM and SOAR tools ) and Infrastructure Security.
• Familiarty with SAST/ DAST tools
• Exposure to distributed systems development and/or an understanding of container and orchestration technologies such as Docker, Kubernetes or Nomad.
• Strong understanding of software development best practices and design patterns, a security and quality first mentality and approach (Secure Software development Lifecycle SSDLC)
• Experience with one or more of the following: threat modeling, security reviews, vulnerability management, penetration testing, secure software development
• Excellent project management skills and communication and collaboration abilities, adept at working with teams across various disciplines. Experience with process mapping (preferably on MS Visio / Lucidchart or equivalent). Excellent skills with excel and powerpoint.
• Excellent communication skills and experience collaborating with cross functional teams, driving for alignment on key decisions, effective communication with project participants and leadership

You might also have

• Professional certifications in security, privacy risk management, and audit areas are a plus, such as PMP, CISA, CISM, CISSP, or CIPT.
• Experience with Unity, Unreal, or other game engines
• Experience working within an Agile environment (SCRUM/Kanban/XP) and leading work within teams

Additional information

• Relocation support is not available for this position.
• International relocation support is not available for this position.
• Work visa/immigration sponsorship is not available for this position.

Life at Unity

Unity [NYSE: U] is the world's leading platform of tools for creators to build and grow real-time games, apps, and experiences across multiple platforms. Creators, ranging from game developers to artists, architects, automotive designers, infrastructure experts, filmmakers, and more, use Unity to bring their imaginations to life across multiple platforms, from mobile, PC, and console, to spatial computing.

As of the fourth quarter of 2023, more than 69% of the top 1,000 mobile games are made with Unity as derived from a blended number of the top 1,000 games in the Google Play Store and iOS App Store. In 2023, Made with Unity applications had an average of 3.7 billion downloads per month. For more information, please visit www.unity.com.

Unity is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. Therefore, we provide employment opportunities without regard to age, race, color, ancestry, national origin, disability, gender, or any other protected status in accordance with applicable law. If there are preparations or accommodations we can make to help ensure you have a comfortable and positive interview experience, please fill out this form to let us know.

This position requires the incumbent to have a sufficient knowledge of English to have professional verbal and written exchanges in this language since the performance of the duties related to this position requires frequent and regular communication with colleagues and partners located worldwide and whose common language is English. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Unity does not accept unsolicited headhunter and agency resumes. Unity will not pay fees to any third-party agency or company that does not have a signed agreement with Unity.

Your privacy is important to us. Please take a moment to review our Prospect and Applicant Privacy Policies. Should you have any concerns about your privacy, please contact us at [email protected].

#SEN