THE AGENCY
Creative Artists Agency (CAA) is a leading entertainment and sports agency, with global expertise in filmed and live entertainment, digital media, publishing, sponsorship sales and endorsements, media finance, consumer investing, fashion, brand management and consumer product licensing, and philanthropy. Distinguished by its culture of collaboration and exceptional client service, CAA’s diverse workforce identifies, innovates, and amplifies opportunities for the people and organizations that shape culture and inspire the world.
The trailblazer of the agency business, CAA was the first to build a sports business, create an investment bank, launch a venture fund, found technology start-up companies, establish a philanthropic arm, build a business in China, form brand marketing services division, and launch a family office advisory practice, among other innovations. Named Most Valuable Sports Agency by Forbes for 10 consecutive years, CAA represents more than 3,000 of the world’s top athletes in football, baseball, basketball, hockey, and soccer, in addition to coaches, on-air broadcasters, and sports personalities and works in the areas of property sales and sponsorships, media advisory, brand consulting, venue development and strategic advisory, and executive search.
Founded in 1975, CAA is headquartered in Los Angeles, and has offices in New York, London, Nashville, Munich, Shanghai, Beijing, Chicago, Washington, D.C., Singapore, Toronto, Denver, Charlotte, Jacksonville, and Atlanta, among other locations globally. For more information, please visit www.caa.com.
OVERVIEW
This is a hands-on security position working within the Information Security group and with the internal IT department. This position’s core focus is to ensure consistent, measurable end-to-end delivery of security services. The successful candidate will work to develop and deploy capabilities, ensuring enterprise systems and data are protected with the security controls and tools required to meet policy and compliance requirements.
We are looking for candidates who have a passion for cyber security, threat detection, risk mitigation, and response. You will be a key part of our efforts to build and support a defensible environment where we are able to detect, contain and respond quickly to threats and compromise in ways that serve to enable the business needs of a highly collaborative organisation. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.
Responsibilities to include:
Define and evolve security tooling aligned to cybersecurity architecture and risk objectives
Evaluate new and emerging threats against existing security controls; ensuring controls remain effective to meet business objectives
Translate threat intelligence and risk assessments into engineering roadmaps
Review the designs of proposed major applications and upgrades for compliance with security architecture; deliver cross team security integration capabilities
Play an active role in CAA’s security incident response efforts, working to identify and mitigate information security threats
Use input from IRM leadership and key security metrics to ensure technical security controls are meeting desired objectives; implement a process of continual review and improvement to ensure the measurable effectiveness of CAA’s technical controls and security tooling
Support a security engineering culture focused on ownership and outcomes
QUALIFICATIONS/REQUIREMENTS
At least 10 years in Information Technology, ideally with a mixed focus on infrastructure and development projects and services
At least 2 years’ experience in information security
A bachelor’s or master’s Degree in a relevant field of work
Experience scripting in at least one of the following languages: PowerShell, Python, JavaScript
Experience supporting the implementation and operation of security tooling in the following areas: Zero Trust Access and Network Segmentation, Public Key Infrastructure (public and private), Endpoint and Workload Protection, Web Application Firewalls, Secure Email Gateways and Filters, Cloud Security, Secure DNS
Large-scale SIEM or security data lake implementations
A strong understanding of the fundamental operations of servers, operating systems, networks, cloud services, and infrastructure
An expert understanding of the key controls required for secure operation of these systems
Experience working in an Azure environment and/or strong knowledge of the Azure cloud environment
Demonstrated an organized and methodical approach to making improvements on past organizations security programs.
Has designed and maintained controls to support the secure delivery of applications through continuous development and continuous integration processes
Has built and managed frameworks to test and validate the effective operation of security controls; measuring the ability to stop threats and attacks at the earliest point in the kill chain
Background working within or implementing a secure development lifecycle