Sr. Information Security EngineerNewAustin, Texas

Sr. Information Security Engineer

Headquartered in New York City, Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. The Company develops and publishes products principally through 2K, Rockstar Games, and Zynga. Our products are currently designed for console gaming systems, PC, and Mobile, including smartphones and tablets, and are delivered through physical retail, digital download, online platforms, and cloud streaming services. The Company's common stock is publicly traded on NASDAQ under the symbol TTWO.

While our offices (physical and virtual) are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard and have fun. We believe our workplace is a great environment to pursue your passions.

The Challenge

In today's highly interconnected digital ecosystem, managing cyber risks across the supply chain is essential to securing our enterprise. The increasing reliance on third-party software and service providerscoupled with the growing sophistication of supply chain-based cyber threatsrequires a strategic, proactive approach to risk identification and mitigation.

That's where you come in. We are seeking a seasoned Information Security Engineer to play a vital role in fortifying our end-to-end cyber supply chain security risk management efforts. In this role, you will assess and manage cyber risks associated with external partners, suppliers, platforms, and integrationsensuring that our technology ecosystem remains resilient and compliant. You will collaborate closely with Label partners and information security engineering, product security, security operations, risk management and other information security teams to evaluate supplier security posture, monitor for cyber supply chain vulnerabilities, and implement robust risk mitigation strategies. Your efforts will directly support the business by enabling secure, reliable, and compliant supplier relationships across the enterprise.

What You'll Take On

• Conduct comprehensive cyber risk assessments on suppliers, vendors, and third-party service providers leveraging questionnaires and technical assessments.
• Evaluate and review technical integrations with third-party systems, services, and APIs / SDKs to ensure secure architecture and data flows, including verification of security configurations and controls.
• Collaborate with architecture, engineering, and Label-partner technical integration teams to assess risks introduced through direct and indirect system integrations and define security requirements for third-party contracts and security addendums.
• Collaborate with the C-SCRM Lead to develop and maintain a cyber supply chain cybersecurity risk management strategy aligned with industry standards (e.g., NIST SP 800-161, etc.), tailored to the Company's strategic objectives, and regularly updated based on evolving threats and regulations.
• Monitor and evaluate third-party risk indicators and threat intelligence relevant to cyber supply chain operations, including security ratings, vulnerability disclosures, and security incidents, potentially utilizing security monitoring tools and threat intelligence platforms.
• Recommend and define specific security requirements and guidelines for third-party connections, proposing controls and mitigation strategies for cyber supply chain risks, including compensating controls when necessary, and validating the implementation of these controls.
• Collaborate with internal teams during incident response scenarios involving cyber supply chain partners, including investigation, communication, and reporting, if needed.
• Track and report on supply chain cyber risks and control effectiveness to senior leadership through defined metrics and key performance indicators (KPIs) in a clear and concise manner, communicating risk findings and remediation efforts to relevant stakeholders.
• Stay updated on current threats, vulnerabilities, and regulatory changes impacting the cyber supply chain landscape through continuous learning, participation in industry forums, and professional development, and evaluate and recommend new tools and technologies for supply chain risk management.

What You Bring

What We Offer You

Take-Two Interactive Software, Inc. ("T2") is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization. Employment at T2 is based on substantive ability, objective qualifications, and work ethic not an individual's race, creed, color, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process, and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Two's in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a take2games.com email domain). If you need to report an issue or otherwise have questions, please contact Careers@take2games.com.