Information Security Engineer
New York City / Remote
Sotheby's
Sotheby's is the premier destination for auctions and private sales of Contemporary, Modern & Impressionist, Old Master Paintings, Jewelry, Watches, Wine, Decorative Arts, Asian Art & moreABOUT SOTHEBY'S
Established in 1744, Sotheby’s is the world’s premier destination for art and luxury. Synonymous with innovation, Sotheby’s promotes access, connoisseurship and preservation of fine art and rare objects through auctions, private sales and retail locations. Our trusted global marketplace is supported by a network of specialists spanning 40 countries and 50 categories, which include Contemporary Art, Modern and Impressionist Art, Old Masters, Chinese Works of Art, Jewelry, Watches, Wine and Spirits, and Interiors, among many others.
THE ROLE
It is Sotheby’s responsibility to maintain the trust and respect of its clients, and in so doing retain the reputation of the Sotheby’s brand.
The Sotheby’s Information Security team is undergoing an exciting and strategic transformation with a major focus on safeguarding client information through our Data Protection Program; designed to introduce controls that limit data loss risk.
If you ever wondered why a security control even exists, and wanted to try and do it differently or better, this is the job opportunity for you. We challenge the current security mindset. We aren’t satisfied with compliance and checkboxes.
Sotheby’s Information Security Engineer will ensure that information remains in the hands of the right owners and is responsible for analyzing how data flows internally and externally, and will partner to deliver solutions to reduce real risks..
The Information Security Engineer is accountable for the development, implementation and ongoing support of Sotheby’s Data Loss Prevention Program.
The Information Security Engineer will develop new ventures and work with our industry partners in the core mission of ensuring that Sotheby’s services, applications, and infrastructure are designed and implemented to the highest security standards.
The Information Security Engineer will ensure that key data is monitored and protected.
RESPONSIBILITIES
- Interface with other teams, and take a leadership role in driving internal security and privacy initiatives
- Work with Director of Information Security, Information, Product & Technology teams, and Chief Technology Officer to design and implement network and application security controls
- Conduct quarterly business reviews to present current data security risks and initiatives to Global Compliance Counsel
- Organize strategic initiatives to steer end users on to corporate-managed solutions, limiting shadow IT
- Assist Sotheby’s Legal and Compliance departments with business-related security evaluations
- Create & be a stakeholder in the incident playbook
- Conduct proof of concepts for data security vendors including establishing requirements, design, testing, global implementation, and post-implementation maintenance
- Improve secure engineering practices in the engineering organization
- Conduct regular security and risk assessments of Sotheby’s applications, infrastructure, and security controls
- Triage incidents by examining violations and partnering with the business to further investigate as needed
- Aid internal business departments in classifying sensitive information in accordance with Information Security Policy
- Assist in developing Learning and Development initiatives to educate users on Information Security concepts
- Interact directly with the security community regarding vulnerabilities and threats
- Assist in the developing Information Security Policies, Standards, and Procedures as a stakeholder and SME.
- Participate in incident response workflows from alert to incident to post-incident review.
- Develop security operations workflows.
IDEAL EXPERIENCE & COMPETENCIES
- Bachelor’s Degree
- 1-3 years of experience working in an information security capacity, with experience in any of the following Cyber Security disciplines is a plus:
- Data loss prevention
- Vulnerability management
- Cloud security
- Application security
- Incident response
- Identity & access management
- Threat Modeling
- Vendor/Supplier management
- Secure Configurations
- Knowledge of programming and scripting languages
- Excellent communication skills
- Prior experience with technical business applications, knowledge of IT infrastructure and IT risks and controls
- Knowledge of IT regulatory and compliance requirements
- Experience with CASB implementation, data classification, GDPR, and Data Loss Prevention
- Prior experience with technical business applications, knowledge of IT infrastructure and IT risks and controls
Preferred Experience:
- Has knowledge of informaiton security frameworks, best practices, and regulations (GDPR, PCI, CIS, NIST CSF, etc.)
- Possesses one or more information Security certifications (CISSP, ISA, ISACA, SANS, etc.)
- Has public cloud (AWS/Azure/GCP) information security experience
- Experience with Netskope, Splunk, Okta, Crowdstrike, Tableau, Malware Bytes,Scripting (python, powershell, etc) are a plus
- Leans with a growth mindset and question the information security status-quo & ‘security theater’ that may be found elsewhere
- Will have one or more relevant professional certifications (CISSP, SANS, CISM, or other) and will continue to grow and achieve professional goals.
- Has demonstrated successful experience in a related area, such as security engineering or operations, management consulting, or management and has the ability to discuss and articulate more technical and complex security topics (in addition to risk management concepts and the process of risk assessments).
- Has confidence in their expertise, but also knows who to look to for help. Achieving greater skill sets and expanding their understanding of security control techniques should be an on-going goal.
- Understands they must gain experience in other areas of technical or operational engineering. Ongoing education to maintain their certs and challenge their expertise will motivate this person.
- Understands workload management including understanding and seeking help prioritizing. They help others on the team that may need their leadership, but their leadership qualities enable them to also lead people outside of their team or department.
- Is able to communicate reports to coworkers in any department and help them understand proper information security controls, especially to non-technical team mates
- Help coworkers figure out good security controls without compromising ethics or introducing unacceptable risk.
To view our Candidate Privacy Notice for the US, please click here.
To view our Candidate Privacy Notice for the UK, Hong Kong, France and Switzerland, please click here.
The Company is an equal opportunity employer and considers all applicants for employment without regard to race (including, without limitation, traits historically associated with race, such as natural hair, hair texture, and protective and treated or untreated hairstyles), color, creed, religion, sex, sexual orientation, marital or civil partnership/union status, national origin, age, disability, pregnancy, genetic predisposition, genetic information, reproductive health decision, sexual orientation, gender identity or expression, alienage or citizenship status, domestic violence victim status, military or veteran status, or any other characteristic protected by federal, state/province or local law. The Company complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it operates.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Azure CISM CISSP Cloud Compliance CrowdStrike GCP GDPR Incident response ISACA IT infrastructure Malware NIST Okta PowerShell Privacy Python Risk assessment Risk management SANS Scripting Splunk Vulnerabilities Vulnerability management
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs