The Opportunity:
The Director, Enterprise Security Architecture & Assurance leads Mattel’s security assessment, vulnerability management, application security, and cloud security functions. This role ensures security is embedded by design across Mattel’s enterprise platforms, digital products, cloud services, and third-party ecosystem.
The Director is a member of the Cyber Security Leadership Team and a standing member of the Enterprise Architecture Council, influencing enterprise security strategy, architecture standards, and technology decisions to protect Mattel’s brands, consumer data, and intellectual property.
What Your Impact Will Be:
Security Assessments & Due Diligence
- Lead enterprise security assessments, including third-party, vendor, and supply chain risk evaluations as well as M&A security due diligence.
- Define assessment methodologies aligned to NIST, ISO, and SOC 2 standards.
- Partner with Legal, Privacy, Procurement, and business leaders to communicate risk and remediation priorities.
Vulnerability Management
- Own Mattel’s enterprise vulnerability management program across infrastructure, applications, and cloud.
- Work closely with operational IT and Engineering teams to remediate vulnerabilities and control deficiencies.
- Establish risk-based prioritization, remediation SLAs, and executive-level reporting.
- Define and track vulnerability and control-maturity metrics, providing regular reporting to senior leadership and supporting Board-level cyber risk visibility.
Cloud & Application Security
- Define and govern cloud security architecture for public and hybrid cloud environments.
- Establish cloud security guardrails, reference architecture, and patterns aligned to shared responsibility models to enable secure and scalable cloud adoption.
- Lead the application security program, including secure SDLC practices and code reviews aligned to OWASP.
- Oversee application security tooling and automation (e.g., SAST, DAST, SCA) to scale secure development practices.
- Partner with engineering teams to embed security into cloud-native and application designs.
Architecture & Governance
- Serve on the Enterprise Architecture Council, ensuring security and privacy are embedded in technology standards and design decisions.
- Review and influence major architecture initiatives and platform investments to ensure alignment with enterprise security strategy and risk posture.
Cyber Leadership & Collaboration
- Actively contribute as a member of the Cyber Security Leadership Team, shaping strategy, roadmap, and investment priorities.
- Advise senior leaders on security risk, architectural tradeoffs, and control maturity.
- Act as a trusted advisor to executive stakeholders on emerging threats, control gaps, and risk acceptance decisions.
People Leadership
- Build and lead high-performing security teams and strategic partners.
- Drive a culture of accountability and continuous security improvement.