Senior Security Specialist - Compliance
Burbank, California, United StatesApply NowApply Later
Job ID 916163BR Location Burbank, California, United States Business The Walt Disney Company (Corporate) Date posted Jan. 13, 2022
Job Summary:At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
Continuous learners, passionate about information security and love their work.
TWDC Information Security Governance, Risk Management, & Compliance provide organizational structure, processes, and oversight to ensure policies, standards, and management practices meet TWDC’s information security objectives.
TWDC Information Security Compliance run ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting.
Responsibilities:The department develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Reviews and enhances network systems and processes for compliance with external regulations and internal standards. Proactively identifies non-conforming areas and assesses risk. Recommends and implements compliance measures. Provides leadership on compliance issues to solve challenging security compliance problems. Ensures documentation and reporting in support of analysis. Stays current on evolving legislative / regulatory changes related to security compliance.
The Senior Security Specialist is primarily responsible for executing internal security assessment processes throughout the enterprise. The nature of the process is to work with security/compliance point of contacts throughout the enterprise to confirm the scope of the environment, determine the accountable signatory, create risk and control matrices, execute and document control tests, and produce a Report on Compliance and/or Attestation of Compliance.
The Senior Security Specialist also works to establish new control assessment processes and procedures across the security community. The role works to identify needs for security assessment and facilitates the creation of repeatable and effective processes to fit the need. The Senior Security Specialist works with a variety of different controls and platforms and should be well versed in the most common security controls. The role also requires a thorough understanding of cross functional process development and expertise in managing the output and reporting of such processes.
- Security Assessment Planning and Execution
- Reporting and Presentations
- Develop and facilitate new control assessment processes
- 5+ years in an information Security role accountable for assessing controls
- External audit (e.g., Big Four) and /or internal audit (e.g., Fortune 500)
- 1 year in an Information Security Compliance and/or Control Assessment role that would include developing and implementing control assessment processes
- Experience in executing security audits including but not limited to SSAE16/18, GDPR, PCI, SOX.
- Working knowledge of regulatory requirements including PCI, SOX, GDPR, HIPAA
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services
- Ability to analyze and interpret information and communicate effectively to all levels of leadership
- Experience assessing compliance, design and operational effectiveness of IT security controls in a large international company
- 1+ years of program and project management experience
- International experience
- Merger/acquisition experience
- Experience implementing or assessing the security of IT systems
- Knowledge of Cloud and Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.) and security tools (i.e. web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring, etc.)
- Experience presenting and influencing C-level executives on IT security and matters
- Ability to build and maintain constructive working relationships with a diverse community of technical and non-technical audiences.
- Ability to articulate IT compliance requirements.
- Excellent planning and organization skills. Ability to focus/align tasks around critical initiatives in a time effective manner.
- Excellent verbal, written, and presentation skills.
- Ability to develop and deliver presentations.
- Knowledgeable of SharePoint administration, Excel, PowerPoint.
- Ability to work in large global environments spanning multiple time-zones.
- High standard of performance, attention to detail and commitment to excellence.
- Ability to follow through on commitments.
- Demonstrated initiative and good judgment.
- Self-starter with leadership skills and the ability to manage multiple tasks concurrently.
- Strong analytical, organizational and decision-making skills.
- Strong negotiation skills.
- Prior Disney experience is preferred.
- 4-year degree (Computer Science, Risk Management, Information Assurance) required
- 1 or more Information Security Certification such as CISA, CISSP, GSEC
- Master's degree in computer science or IT Audit related field is preferred.
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.