Sr. Vulnerability Advisor

Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. For more than 25 years, our development teams have created some of the most critically acclaimed and commercially successful entertainment experiences, captivating and engaging audiences around the world. We are incredibly proud of our ability to deliver consistently the highest-quality titles, as well as our colleagues who help to create our unique culture and work environment that is inclusive, diverse, and dynamic.

While our offices are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard, but we also like to have fun, and believe that we provide a great place to come to work each day to pursue your passions. 

In today's dynamic and interconnected digital landscape, a robust vulnerability management program is paramount to safeguarding our expanding attack surface. The relentless pace of technological change, the complexities of cloud environments, and the escalating sophistication of cyber threats demand a dedicated expert to proactively identify and neutralize weaknesses.

That’s where you come in. We are seeking an experienced Senior Vulnerability Management Advisor who will serve as the central orchestrator for exposure management and risk reduction across a diverse portfolio of Label partners. In this high-impact, consultative role, you will bridge the gap between technical infrastructure findings, application vulnerabilities, and business-critical decision-making by translating complex data into actionable priorities. You will drive the end-to-end remediation lifecycle from initial assessment to final validation, collaborating and communicating with Label leadership to define ownership, navigate resource constraints, and manage formal risk exceptions. By providing Information Security leadership with a transparent, data-driven view of the global risk posture, you will ensure every identified risk, whether from automated scans, penetration tests, or red team engagements, is understood, justified, and technically verified through time-bound remediation plans.

• Serve as the central contact for vulnerability and risk activities with Label partners, ensuring all assessments and remediation efforts align with internal standards and external regulatory obligations.
• Translate complex technical vulnerability findings into clear, actionable risk priorities tailored to specific business impact, data sensitivity, and operational feasibility.
• Coordinate the scheduling, scope, and timely execution of vulnerability scanning and risk assessments in close partnership with the integrated risk and exposure management lead.
• Create partnerships and establish remediation plans with Label partners and technical owners, securing formalized ownership, realistic timelines, and necessary resource commitments.
• Track remediation progress to identify blockers, and independently verify that implemented fixes or compensating controls effectively mitigate identified risks before closure.
• Proactively identify remediation delays and escalate unresolved or critical risks to information security and label leadership through established governance channels.
• Provide consistent guidance on patching, secure configuration, and preventative practices to drive a "shift-left" approach and reduce the recurrence of vulnerabilities.
• Lead high-level briefings between technical teams and Label leadership to drive consensus on remediation priorities, resource trade-offs, and formal risk-acceptance decisions.
• Deliver concise, high-impact dashboards to Label leadership that synthesize vulnerability posture and patching velocity into actionable insights, utilizing long-term trend analysis to identify systemic issues—such as recurring configuration errors—and propose holistic, cross-Label remediation strategies.
• Maintain rigorous documentation of vulnerabilities, remediation status, and active risk exceptions within the enterprise risk register, ensuring all exceptions are technically justified, time-bound, and periodically reviewed.
• Identify opportunities to streamline vulnerability management processes and facilitate "Lessons Learned" sessions to share best practices and remediation strategies across all Labels.

• Minimum of 5 years in Information Security, focused on Vulnerability Management and Information Security Risk within a large-scale, decentralized, or multi-label corporate environment.
• Deep understanding of the vulnerability lifecycle across cloud infrastructure (AWS/GCP/Azure), containerized environments, and applications, including the ability to interpret findings from Prisma Cloud, Qualys/Tenable, and manual Penetration Tests.
• Direct experience with ServiceNow Vulnerability Response (VR) and Application Vulnerability Response (AVR), specifically in building dashboards, managing assignment rules, and automating remediation tracking
• Proven track record in managing risk registers, establishing remediation SLAs, and facilitating formal Risk Acceptance/Exception processes aligned with frameworks like NIST CSF, ISO 27001, or CIS.
• Exceptional ability to translate complex technical vulnerabilities into business-impact language for non-technical stakeholders and negotiate remediation priorities with senior IT and Business leadership.
• Comfort working cross-functionally with infrastructure, development, and support teams to drive remediation at scale.
• Professional information security or risk management certifications (e.g., CISSP, CRISC, or CISM) are highly preferred.
• Specialized security certifications (e.g., SecurityX/CASP+, CCSP, PNPT) are also highly preferred.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related technical field; equivalent professional experience and a history of driving continuous process improvement in security operations will also be considered.