Director, Enterprise Security Architecture & Assurance
About The Position
The Director, Enterprise Security Architecture & Assurance leads Mattel’s security assessment, vulnerability management, application security, and cloud security functions. This role ensures security is embedded by design across Mattel’s enterprise platforms, digital products, cloud services, and third-party ecosystem. The Director is a member of the Cyber Security Leadership Team and a standing member of the Enterprise Architecture Council, influencing enterprise security strategy, architecture standards, and technology decisions to protect Mattel’s brands, consumer data, and intellectual property.
Requirements
- 10+ years in cybersecurity or security architecture, with 5+ years in senior leadership roles, including leading managers or enterprise-scale security programs
- Expertise in security assessments, vulnerability management, cloud security, and application security.
- Strong knowledge of NIST, ISO 27001, SOC 2, and OWASP.
- Proven ability to partner with operational teams to drive risk remediation.
Nice To Haves
- Experience supporting consumer-facing digital platforms or global brands.
- M&A security due diligence experience.
- CISSP, CISM, and/or cloud security certifications.
Responsibilities
- Lead enterprise security assessments, including third-party, vendor, and supply chain risk evaluations as well as M&A security due diligence.
- Define assessment methodologies aligned to NIST, ISO, and SOC 2 standards.
- Partner with Legal, Privacy, Procurement, and business leaders to communicate risk and remediation priorities.
- Own Mattel’s enterprise vulnerability management program across infrastructure, applications, and cloud.
- Work closely with operational IT and Engineering teams to remediate vulnerabilities and control deficiencies.
- Establish risk-based prioritization, remediation SLAs, and executive-level reporting.
- Define and track vulnerability and control-maturity metrics, providing regular reporting to senior leadership and supporting Board-level cyber risk visibility.
- Define and govern cloud security architecture for public and hybrid cloud environments.
- Establish cloud security guardrails, reference architecture, and patterns aligned to shared responsibility models to enable secure and scalable cloud adoption.
- Lead the application security program, including secure SDLC practices and code reviews aligned to OWASP.
- Oversee application security tooling and automation (e.g., SAST, DAST, SCA) to scale secure development practices.
- Partner with engineering teams to embed security into cloud-native and application designs.
- Serve on the Enterprise Architecture Council, ensuring security and privacy are embedded in technology standards and design decisions.
- Review and influence major architecture initiatives and platform investments to ensure alignment with enterprise security strategy and risk posture
- Actively contribute as a member of the Cyber Security Leadership Team, shaping strategy, roadmap, and investment priorities.
- Advise senior leaders on security risk, architectural tradeoffs, and control maturity.
- Act as a trusted advisor to executive stakeholders on emerging threats, control gaps, and risk acceptance decisions.
- Build and lead high-performing security teams and strategic partners.
- Drive a culture of accountability and continuous security improvement.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Education Level
No Education Listed
