Sr. Vulnerability Advisor

Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. For more than 25 years, our development teams have created some of the most critically acclaimed and commercially successful entertainment experiences, captivating and engaging audiences around the world. We are incredibly proud of our ability to deliver consistently the highest-quality titles, as well as our colleagues who help to create our unique culture and work environment that is inclusive, diverse, and dynamic.

While our offices are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard, but we also like to have fun, and believe that we provide a great place to come to work each day to pursue your passions. 

In today's dynamic and interconnected digital landscape, a robust vulnerability management program is paramount to safeguarding our expanding attack surface. The relentless pace of technological change, the complexities of cloud environments, and the escalating sophistication of cyber threats demand a dedicated expert to proactively identify and neutralize weaknesses.

That’s where you come in. We are seeking an experienced Senior Vulnerability Management Advisor who will serve as the central orchestrator for exposure management and risk reduction across a diverse portfolio of Label partners. In this high-impact, consultative role, you will bridge the gap between technical infrastructure findings, application vulnerabilities, and business-critical decision-making by translating complex data into actionable priorities. You will drive the end-to-end remediation lifecycle from initial assessment to final validation, collaborating and communicating with Label leadership to define ownership, navigate resource constraints, and manage formal risk exceptions. By providing Information Security leadership with a transparent, data-driven view of the global risk posture, you will ensure every identified risk, whether from automated scans, penetration tests, or red team engagements, is understood, justified, and technically verified through time-bound remediation plans.

• Serve as the central contact for vulnerability and risk activities with Label partners, ensuring all assessments and remediation efforts align with internal standards and external regulatory obligations.
• Translate complex technical vulnerability findings into clear, actionable risk priorities tailored to specific business impact, data sensitivity, and operational feasibility.
• Coordinate the scheduling, scope, and timely execution of vulnerability scanning and risk assessments in close partnership with the integrated risk and exposure management lead.
• Create partnerships and establish remediation plans with Label partners and technical owners, securing formalized ownership, realistic timelines, and necessary resource commitments.
• Track remediation progress to identify blockers, and independently verify that implemented fixes or compensating controls effectively mitigate identified risks before closure.
• Proactively identify remediation delays and escalate unresolved or critical risks to information security and label leadership through established governance channels.
• Provide consistent guidance on patching, secure configuration, and preventative practices to drive a "shift-left" approach and reduce the recurrence of vulnerabilities.
• Lead high-level briefings between technical teams and Label leadership to drive consensus on remediation priorities, resource trade-offs, and formal risk-acceptance decisions.
• Deliver concise, high-impact dashboards to Label leadership that synthesize vulnerability posture and patching velocity into actionable insights, utilizing long-term trend analysis to identify systemic issues—such as recurring configuration errors—and propose holistic, cross-Label remediation strategies.
• Maintain rigorous documentation of vulnerabilities, remediation status, and active risk exceptions within the enterprise risk register, ensuring all exceptions are technically justified, time-bound, and periodically reviewed.
• Identify opportunities to streamline vulnerability management processes and facilitate "Lessons Learned" sessions to share best practices and remediation strategies across all Labels.

• Minimum of 5 years in Information Security, focused on Vulnerability Management and Information Security Risk within a large-scale, decentralized, or multi-label corporate environment.
• Deep understanding of the vulnerability lifecycle across cloud infrastructure (AWS/GCP/Azure), containerized environments, and applications, including the ability to interpret findings from Prisma Cloud, Qualys/Tenable, and manual Penetration Tests.
• Direct experience with ServiceNow Vulnerability Response (VR) and Application Vulnerability Response (AVR), specifically in building dashboards, managing assignment rules, and automating remediation tracking
• Proven track record in managing risk registers, establishing remediation SLAs, and facilitating formal Risk Acceptance/Exception processes aligned with frameworks like NIST CSF, ISO 27001, or CIS.
• Exceptional ability to translate complex technical vulnerabilities into business-impact language for non-technical stakeholders and negotiate remediation priorities with senior IT and Business leadership.
• Comfort working cross-functionally with infrastructure, development, and support teams to drive remediation at scale.
• Professional information security or risk management certifications (e.g., CISSP, CRISC, or CISM) are highly preferred.
• Specialized security certifications (e.g., SecurityX/CASP+, CCSP, PNPT) are also highly preferred.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related technical field; equivalent professional experience and a history of driving continuous process improvement in security operations will also be considered.

• Great Company Culture. Ranked as one of the most creative and innovative places to work, creativity, innovation, efficiency, diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success.
• Growth: As a global entertainment company, we pride ourselves on creating environments where employees are encouraged to be themselves, inquisitive, collaborative and to grow within and around the company.
• Work Hard, Play Hard. Our employees’ bond, blow-off steam, and flex some creative muscles – through corporate boot camp classes, company parties, game release events, monthly socials, and team challenges.
• Benefits. Medical (HSA & FSA), dental, vision, 401(k) with company match, employee stock purchase plan, commuter benefits, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match and more!
• Perks. Fitness allowance, employee discount programs, free games & events and stocked pantries.

Take-Two Interactive Software, Inc. (“T2”) is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization.  Employment at T2 is based on substantive ability, objective qualifications, and work ethic – not an individual’s race, creed, color, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process, and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Two’s in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a take2games.com email domain). If you need to report an issue or otherwise have questions, please contact [email protected]