Manager, Information Security and Compliance

HKDL Information Security and Compliance Team is part of the line of business (LOB) Technology, Digital and Data (T&D).  The team provides services to protect the value and use of Disney’s information through collaboration, standardization and enforcement across HKDL T&D.

This role will be leading and driving the information security and compliance team in

• delivering cyber security assurance and best practices oversight for HKDL T&D portfolio of products, platforms and services ecosystems, across complex multi-cloud, multi-partner environments.
• working closely with global partners, internal T&D teams, other LOBs and external vendors
• providing information security related advisory in accordance with corporate and segment standards, industry practices and external regulations.

Key Responsibilities

Leadership

Supervise and lead the information security and compliance team with a diverse of specialists and external vendors in

• Planning and ensuring information security assessments are conducted on HKDL T&D applications according to corporate standards
• fostering a sense of teamwork and collaboration while driving effective dialogue, spirit of continuous improvement, and team-oriented decision making
• driving team to manage security risk metrics and end to end remediation
• facilitating the internal or external audits, penetration testing, and red team activities relating to HKDL T&D
• participating in information security incident response team to handle information security incidents, work closely with segment counterpart in conducting investigations, and prepare incident reports

Partnership

Engage with different internal and external stakeholders to craft successful strategies, with lots of partnership opportunities from local, global and external

• Ensure effective communication with other T&D sub-teams and with other partners
• Act as the focal contact point with US partners about information security and compliance in T&D
• Best practices sharing and learnings with other sites, and working side-by-side with the global information security team
• Collaborate with teams to establish appropriate measures to reduce the risk of both accidental and malicious data disclosure
• Interactions with vendors to understand the new solutions in the marketplace and propose to management if needed

Result Driven

Act as the security architect and participate in architecture reviews to provide advisory and recommendation on information security related matters

• Provide value added input/ consultancy to the business partners and internal teams in security architecture and driving security by design
• Provide advice, recommendation and good practice in information security and compliance
• In partnership with application teams and other stakeholders, define and support the implementation of appropriate remediation plans to address identified gaps
• Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)

Project management

Lead and drive cross-team information security programs

• Maintain existing local managed privileged access management solution and develop a roadmap for additional capabilities
• Identify, propose and oversee the implementation of cross-team information security related program
• Providing leadership around any large-scale security & compliance projects created to execute remediation for any significant gaps identified, which may include the involvement of cross-functional teams

Business Savvy

• Capable to position and drive security initiatives as a business enabler
• Be the change champion and drive the others toward commitment to security
• Able to define, formulate and implement security strategy and potential roadmap
• Design and define security framework and architecture

Job Requirements

• Bachelor’s Degree or above in Computer Science, Technology, Engineering, Information/ Cyber Security, or relevant disciplines
• Minimum of 10 years working experience in information/ cyber security, IT audit/ governance/ compliance, technology risk management, or equivalent
• Holder of at least one industry recognized certification in information security (CISSP, CISA, CISM, or equivalent.)
• Prior experience in leading a team with solid understanding in information security and compliance related processes
• Possess knowledge of cyber security principles, information security risk managements, information/ cybersecurity controls and reviews to ensure adequate controls and adherence to company’s information security policies and standards
• Solid working experience in adopting security related framework/standards, such as PCI-DSS, Sarbanes Oxley (SOX), PDPO, GDPR, MITRE ATT&CK, etc.
• Good knowledge in control related best practices e.g. NIST, ISO 27001, SSAE21, COBIT, ITIL, etc.
• Knowledge of secure coding best practices, source code review, and internet threat vectors such as the OWASP top 10
• Excellent written and verbal communication skills in English and Chinese, with the ability to communicate technical topics to management and non-technical audiences
• Strong collaboration and interpersonal skills
• Strong problem solving, decision making, and analytical skills
• Attention to details, self-motivated and a good team player

HKProfessional #LI-AI1