Staff Security Specialist, Compliance

  • Job ID: 956026BR
  • Location: Burbank, California, United States
  • Business: The Walt Disney Company (Corporate)
  • Date posted: Apr. 05, 2022

Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

TWDC Information Security Governance, Risk Management, & Compliance provides organizational structure, processes, and oversight to ensure policies, standards, and management practices meet TWDC’s information security objectives. It also runs ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting.

Responsibilities:

  • Evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information.
  • Reviews and enhances network systems and processes for compliance with external regulations and internal standards.
  • Proactively identifies non-conforming areas and assesses risk.
  • Recommends and implements compliance measures.
  • Provides advice on compliance issues to solve challenging security compliance problems.
  • Ensures documentation and reporting in support of analysis.
  • Stays current on evolving legislative / regulatory changes related to security compliance.
  • Coordinates with multiple stakeholder groups across TWDC to assess and monitor information security risks resulting from the use of external service providers.
  • Responsible for planning, conducting and reporting on third party assessments including assessment planning, execution, and reporting; generating and distributing monthly findings past due reports; conducting RFP or rapid assessments when business conditions warrant; and providing quality assurance reviews of assessments conducted by others.
  • Lead the third party assessment of outside legal counsel in support of Legal Operation’s mission. This effort includes planning, conducting, and reporting on external law firms and following-up and tracking resolution of agreed-upon finding remediation plans.
  • Provide consulting to internal business partners regarding third party risk and business side responsibility for controls when engaging a third party to deliver business objectives.
  • Provide timely advice on security requirements in proposed and existing vendor contracts including advising the requestor when vendor proposed changes represent a high risk to Disney interests.
  • Support the manager in preparing biweekly and monthly KPI, KRI, and status reports.
  • Oversee data quality and workflow processes with Enterprise tools by conducting periodic data quality reviews; documenting and maintaining third party assessment procedures; and submitting requests for changes and enhancements based on changing third party assessment needs.
  • Conduct quarterly disaster recovery inventory compliance work and prepare timely reports to leadership, coordinating with ISO teams in every segment and transforming received data into standardized content.
  • As needed, provide disaster recovery advice to technology teams and maintain working relations with Disney business continuity planning.

Basic Qualifications:

  • 10+ years of IT audit, or IT security and/or compliance experience
  • Prior experience working within a global media or entertainment organization, supporting enterprise security functions
  • Experience working with procurement and legal teams
  • Knowledge of laws, regulations, and industry requirements related to Information Security (i.e. GDPR, Payment Card Industry, Domestic and International Privacy regulations)
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, hosted services and cloud computing environments
  • Knowledge of configuration management, change control/problem management integration, risk assessment, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
  • Must have ability to communicate effectively to all levels of the organization as well as to external stakeholders
  • Must be able to establish credibility as a business partner respected by client-base with proven ability to gain “buy-in” from teams without direct line of authority
  • Ability to develop consensus within an organization climate of diverse operational activities, cultures and geographic locations
  • Project/program management and prioritization skills

Preferred Qualifications:

  • External audit (e.g., Big Four) and/or internal audit (e.g., Fortune 500)
  • 5+ years of program and project management experience
  • 5+ years of experience in third party risk management or IT vendor management experience
  • 1+ years of experience in law firm or inside counsel cybersecurity
  • 1+ years of experience with vendor risk management products
  • Experience presenting and influencing mid-level executives on IT security and matters
  • Knowledge and experience applying common security frameworks such as ISO27001 and SOC2
  • Knowledge of Cloud and Perimeter technologies (e.g., routers, firewalls, web proxies, intrusion prevention) and security tools (e.g., web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring)

Required Education

  • 4-year degree in Computer Science, Risk Management, Information Security and/or equivalent professional experience
  • 1 or more Information Security Certification such as CISA, CISM, CRISC, CBCP, CTPRA, C3PRMP

Preferred Education

  • Master's degree in computer science or IT Audit related field is preferred.

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.