Security Assessments is responsible for leading and delivering day-to-day security assessment and architecture review activities across applications, cloud platforms, infrastructure, and third-party integrations. This role combines hands-on technical execution with technical leadership, ensuring security risks are consistently identified, assessed, prioritized, and addressed in alignment with business objectives and regulatory requirements. 
The Security Architect provides technical leadership and guidance while partnering closely with Security Operations, Cloud, Engineering, Product, and Vendor Management teams to drive remediation accountability and secure-by-design outcomes. Operating within a global delivery model, this role serves as a key execution and escalation point to ensure consistency, scalability, and resilience of Mattel's security assessment and architecture program.
In addition to operational ownership, this role contributes to security architecture strategy, standards development, automation, and metrics to ensure assessment capability evolves alongside emerging threats, technologies, and compliance expectations. 
 
Roles and Responsibilities 
• Provide direct technical leadership and day-to-day oversight of security assessment and architecture review activities.
• Own and manage security assessments across applications, cloud platforms, infrastructure, SaaS/PaaS solutions, and third-party vendors.
• Serve as a key execution partner and escalation point for security assessment initiatives, ensuring alignment with enterprise security strategy and priorities.
• Perform and oversee security risk analyses, threat modeling, and architecture reviews for new and existing solutions.
• Translate assessment findings into actionable risk intelligence and remediation recommendations aligned to business impact.
• Partner with engineering, cloud, product, and vendor teams to communicate findings, recommend controls, and influence risk reduction decisions.
• Support vendor security due diligence activities, including questionnaires, evidence reviews, risk scoring, and remediation tracking.
• Evaluate security considerations for solutions leveraging automation, AI-enabled capabilities, and emerging technologies.
• Develop, maintain, and continuously improve security standards, patterns, reference architectures, runbooks, and assessment playbooks.
• Leverage security tooling and automation to improve assessment consistency, efficiency, and scalability.
• Interpret vulnerability and configuration findings and advise on remediation and compensating controls.
• Define, track, and report security assessment metrics (KPIs and KRIs) to communicate risk posture and trends.
• Monitor emerging threats, regulatory changes, and technology trends, incorporating lessons learned into improved controls and practices.
• Mentor and guide junior architects and analysts, strengthening technical depth and assessment maturity.
• Provide advanced escalation support for complex security risks and architectural challenges.
• Work hours may vary, and the position requires regular overlap with U.S.-based teams.
• Additional duties may be assigned as necessary to meet the ongoing needs of the organization.
 
Skills and Qualifications 
Required: 
• 9+ years of experience in information security, security architecture, or security engineering roles.
• Proven experience acting as a technical lead or senior individual contributor within security assessment or architecture functions.
• Strong understanding of security architecture principles across applications, infrastructure, cloud, and integrations.
• Hands-on experience conducting application, cloud, and third-party/vendor security assessments.
• Deep knowledge of cloud security concepts including IAM, networking, encryption, containers, serverless, and data protection.
• Experience with secure SDLC practices, CI/CD pipelines, application security testing, OWASP, and code management.
• Familiarity with security and compliance frameworks such as NIST, PCI, and industry best practices.
• Working knowledge of network security, web application security, and modern authentication technologies.
• Experience using industry-standard security scanning and assessment tools.
• Ability to contextualize technical findings into business risk and remediation guidance.
• Strong analytical, leadership, and stakeholder communication skills.
 
Preferred: 
• Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
• Experience with formal vendor risk management programs or assessment platforms.
• Basic scripting or automation experience (e.g., Python) to support assessment workflows.
• Experience working with globally distributed teams.
• Security certifications such as CISSP, CCSP, or CISM.
Shift Timing:  
• Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, or security events.