Skip to main content

Staff Security Specialist, Risk Management

Apply NowApply Later Job ID 7108052020220508 Location Santa Monica, California, United States / New York, New York, United States Business The Walt Disney Company (Corporate) Date posted Nov. 16, 2022 Flex Type Hybrid

- This role is considered hybrid, which means the employee will work a portion of their time on-site from a Company designated location and the remainder of their time remotely.

Job Summary:

Overview:

This position can be located in the Greater LA area or New York, NY.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We are here to protect the brand and reputation while enabling and supporting the business units.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats, as well as changes in business and technology. This process includes:

  • Analysis of known and emerging threats to determine risks against TWDC assets

  • Creation, maintenance, governance and communication of security policies and standards across TWDC

  • Assessment and audit of compliance against the security policies and standards

  • Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

The Disney Streaming organization is a part of the Disney Media, Entertainment, and Distribution segment of The Walt Disney Company. The Disney Streaming Information Security team is tasked with ensuring the security of our streaming platforms and products, as well as the consumers of our products. In order to support the rapid and massive growth of our steaming business, the Disney Streaming Information Security team offers versatile and agile security services to our technology partners that align with the innovative, fast-paced culture of the technology teams we support. The Disney Streaming Information Security team, partners with streaming technology stakeholders, Global Information Security colleagues, and cross-functional information security counterparts to protect the wide range of streaming products and the consumers of those products on behalf of the TWDC enterprise.

The Disney Streaming Information Security Risk Management team operates as trusted advisors to ensure risks to the confidentiality, integrity, and availability of TWDC data and services are identified and assessed, while driving for risks to be managed at an acceptable level. This is accomplished by analyzing identified risks, key risk measures, and control measurements across the technology environment; while also engaging key stakeholder and leveraging the risk management framework.

Responsibilities of the Disney Streaming Information Security Team include:

  • Security architecture and design reviews

  • Threat modeling

  • Automated and manual secure code reviews

  • Consumer identity and data protection

  • Risk management services

  • Control assurance and testing services

  • Compliance and policy engagements

  • Offensive security services

  • Security engineering and tooling

  • Partnering with technology teams to ensure proper implementation of security controls

  • Evaluating security tooling and costs associated with tools.

  • Third party and partner security engagements

  • Compliance; management audit, SOX, PCI

  • Documenting internal processes and identifying KPIs to effectively measure program performance.

  • Data & Content Security

  • Security operations

  • Incident Response

Description:

The Staff Security Specialist, Risk Management is responsible for being a lead in advising & supporting the strategic advancement and the operational excellence of Disney Streaming’s Information Security Risk Management’s functions. The successful candidate must possess skills to actively engage with technology, compliance, engineering, business, legal & data teams and maintain strong working relationships with those partners. The successful candidate will possess strong analytical skills, experience in risk management, understanding of key risk indicators, performance of third party assessments, internal risk assessments, audit deliverables, corrective action items, experience with compliance & regulatory requirements pertaining to a variety of data types, and technical knowledge that dictates Disney Streaming & TWDC risk management requirements in line with policies & standards, as well as a strong ability direct/indirect reports, resource allocation and prioritization, program management, budgets, & key risk metrics important to Disney Streaming & is required for GIS teams.

Responsibilities:

  • Act as a point of contact for risk assessments/control assessments, guide metric collection focused on Disney Streaming needs, & risk ratings.

  • Advise and consult with partners on identified information security issues & risks.

  • Identify, qualify, and prioritize risk management program priorities within Disney Streaming and key projects needing to occur based on those priorities.

  • Partner with technical teams & non-technical teams to implement risk management best practices alongside other Disney Streaming Risk Management leaders & Information Security management stakeholders.

  • Produce and/or compile artifacts and deliverables that inform the enterprise of areas of risk in relation to data, processes, people & technology.

  • Perform high risk likelihood, high priority risk reviews of internal & external initiatives.

  • Quantify risks of highest concern to the streaming business & industry.

  • Regularly assist in security assessments & analysis, especially those around sensitive data, high impact systems and data sharing internally & externally.

  • Support risk activities related to data & content security, when identified.

  • Develop and provide risk (reporting) content for various operational and senior-leadership meetings, briefings, and dashboards.

  • Analyze, measure, and monitor a breadth of technology risks and facilitate treatment decisions.

  • Guide and advise partner teams on relevant risk management processes and risk reduction strategies.

  • Communicate both verbally and in writing with team members and management on risk management issues

  • Participate in development of executive risk reporting.

Basic Requirements:

  • Minimum 7 years in technology organizations with 3-5 years of success being an expert in the security risk discipline within large organizations.

  • Proven experience in understanding security vulnerabilities and identifying remediation techniques.

  • Comfortable working with cross functional teams across departments, business segments and Corporate GIS.

  • Knowledge of security frameworks, controls & regulations.

  • Experience in participating in and leading information security projects with validated application in business and technical environments; balancing multiple projects, engaging key partners, and driving accountability for meeting deliverables within established timelines.

  • Knowledge of evaluating and assessing security risks & threats across a variety of environments and industries.

  • ​Outstanding verbal, written and interpersonal communication skills with the ability to apply common sense to carry out instructions.

  • Experience leading audit engagements, both facilitating and managing.

  • Knowledge of PCI, CCPA, GDPR, SOX or similar.

  • Experience working with environments heavy on microservices.

Preferred Qualifications:

  • Extensive risk assessment (and analysis) training or experience.

  • Factor Analysis of Information Risk (FAIR) training.

  • Tableau Site administration or publishing

  • Sharepoint site administration, features such as Flow or workflow

  • Jira administration

  • Confluence site administration

  • CISSP, CISM, CISA, CRMP, CRISC, CDPSE, or equivalent

The hiring range for this position in 77 West 66th Street New York, NY is $123,902.00 to $166,210.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Hulu Enterprises, LLC, which is part of a business we call The Walt Disney Company (Corporate).

Hulu Enterprises, LLC is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply NowApply Later

Watch Our Jobs

Sign up to receive new job alerts and company information based on your preferences.

For Disney Job Alerts to work, JavaScript must be enabled in your browser.