Manager, Application Security and Compliance
Burbank, CA

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. The Enterprise Technology organization drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

This role is part of the Enterprise Business Systems (EBS) organization. Our mission is to provide business technology solutions for the enterprise that empower growth, and enhance value across brands, geographies and organizations. The Application Support and Operations group is part of the EBS organization. We are responsible for excellence in operating business systems and processes in support of the enterprise. We lead with a culture of continuous improvement, innovation and automation.

We look to add team members who are focused on delivery, passionate about customer service, make data-driven decisions, are life-long learners, and prefer to work in a high-tempo, problem-solving work environment.

The Manager, Application Security & Compliance is a security expert, who drives decisions based on risk and business impact. The role will lead a team of Security & Compliance specialist focused on application security, compliance and controls assurance. This role will be the focal point for the EBS "Security by Design" initiative, partnering with stakeholders to identify and drive improvements in the software development lifecycle across the portfolio. In addition, this role is responsible for all aspect of Compliance, partnering with service line owners to ensure regulatory and industry statues are met

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Technology

Basic Qualifications

* Minimum 10 years in technology organizations with 3-5 years of success leading a security discipline within large organizations
* 4+ years experience in an application development environment, with emphasis in agile development
* 4+ years experience leading compliance management within a regulated environment (SOX, GDPR, HIPAA)Must have thorough knowledge of information security components, principles, practices, and procedures.
* Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, GDPR, HIPAA
* Must have thorough knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
* Require one of the following certification: CISSP, CISM, CISA or equivalent

Critical Competencies for Success

Leadership Skills:

* A self-starter, who can effectively navigate a complex organizational structure, managing teams through influence and direct line management.
* Ability to establish executive level relationships across the various business and technology executives within TWDC.
* Establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
* A person that can decide and act without having the total picture and is comfortable handling risk and uncertainty.

Execution Skills:

* A proven track record of execution, the candidate must be able to deliver the Security & Compliance strategy by defining a clear vision of desired outcomes tied to business needs.
* Technical acumen and experience across the "full application stack." Must have a technical background and demonstrated ability to understand the holistic impact of security within the environment.
* A "working IT manager" who gets into the details and is experienced in managing multiple medium to large scale initiatives and cross functional teams.
* Equally comfortable with executives, manager-level stakeholders, architects and developers--this is a hands-on position with regards to people and detail.
* Ability to identify and marshal resources (people, funding, support) to get projects initiated and completed.
* Ability to influence a significant transformation in the security management & development landscapes.
* Practical knowledge and applied experience related to Security & Compliance principles and ability to lead a team of Security specialists in the development of capability roadmaps.
* Conversant in the enterprise technology landscape and ability to leverage that knowledge in delivering business outcomes with speed.
* Understands the principles and practices of Security Management and can effectively proceed through review boards activities.

Business

The Walt Disney Company (Corporate)

Required Education

Bachelor's Degree in Computer Science, Information Systems, Engineering, or related technical field

Preferred Qualifications

* 4+ year's experience in Secure Software development, with experience in a Continuous Integration / Continuous Deployment / DevOps environment
* Strong Knowledge of penetration testing, Red Team exercises and security assessments is highly desirable.

Postal Code

91502

Preferred Education

MBA or Masters in a technical field would be beneficial

Responsibilities

* Managing a team of Security & Compliance specialist which are chartered with enhancing the security profile of the EBS application portfolio.
* Analyzing the state of security within the organization and developing, communicating and optimizing a roadmap to address challenges
* Developing and implementing comprehensive best practices across the application security discipline, institutionalizing, measuring and monitoring the effectiveness across the EBS portfolio.
* Creating an Application Security multi-year strategy, assessing current state and driving the organization toward higher levels of maturity and efficiency. This will include partnering with EBS Executives, stakeholders and vendor/partners.
* Partnering with the Application Security Architect in establishing "Security by Design" into all new services, while assessing and driving security enhancements across existing solutions.
* Developing the Security Assurance program for EBS, extending beyond traditional Compliance into security effectiveness and continuous assessment.
* Identifying and eliminating manual processes through the use of automation, especially in the areas of Compliance.
* Acting as the security representative for EBS across the various security working committees, partnering with the Global Information Security team and segment peers.

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. The Enterprise Technology organization drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

This role is part of the Enterprise Business Systems (EBS) organization. Our mission is to provide business technology solutions for the enterprise that empower growth, and enhance value across brands, geographies and organizations. The Application Support and Operations group is part of the EBS organization. We are responsible for excellence in operating business systems and processes in support of the enterprise. We lead with a culture of continuous improvement, innovation and automation.

We look to add team members who are focused on delivery, passionate about customer service, make data-driven decisions, are life-long learners, and prefer to work in a high-tempo, problem-solving work environment.

The Manager, Application Security & Compliance is a security expert, who drives decisions based on risk and business impact. The role will lead a team of Security & Compliance specialist focused on application security, compliance and controls assurance. This role will be the focal point for the EBS "Security by Design" initiative, partnering with stakeholders to identify and drive improvements in the software development lifecycle across the portfolio. In addition, this role is responsible for all aspect of Compliance, partnering with service line owners to ensure regulatory and industry statues are met

Basic Qualifications

* Minimum 10 years in technology organizations with 3-5 years of success leading a security discipline within large organizations
* 4+ years experience in an application development environment, with emphasis in agile development
* 4+ years experience leading compliance management within a regulated environment (SOX, GDPR, HIPAA)Must have thorough knowledge of information security components, principles, practices, and procedures.
* Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, GDPR, HIPAA
* Must have thorough knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
* Require one of the following certification: CISSP, CISM, CISA or equivalent

Critical Competencies for Success

Leadership Skills:

* A self-starter, who can effectively navigate a complex organizational structure, managing teams through influence and direct line management.
* Ability to establish executive level relationships across the various business and technology executives within TWDC.
* Establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
* A person that can decide and act without having the total picture and is comfortable handling risk and uncertainty.

Execution Skills:

* A proven track record of execution, the candidate must be able to deliver the Security & Compliance strategy by defining a clear vision of desired outcomes tied to business needs.
* Technical acumen and experience across the "full application stack." Must have a technical background and demonstrated ability to understand the holistic impact of security within the environment.
* A "working IT manager" who gets into the details and is experienced in managing multiple medium to large scale initiatives and cross functional teams.
* Equally comfortable with executives, manager-level stakeholders, architects and developers--this is a hands-on position with regards to people and detail.
* Ability to identify and marshal resources (people, funding, support) to get projects initiated and completed.
* Ability to influence a significant transformation in the security management & development landscapes.
* Practical knowledge and applied experience related to Security & Compliance principles and ability to lead a team of Security specialists in the development of capability roadmaps.
* Conversant in the enterprise technology landscape and ability to leverage that knowledge in delivering business outcomes with speed.
* Understands the principles and practices of Security Management and can effectively proceed through review boards activities.

Required Education

Bachelor's Degree in Computer Science, Information Systems, Engineering, or related technical field

Preferred Qualifications

* 4+ year's experience in Secure Software development, with experience in a Continuous Integration / Continuous Deployment / DevOps environment
* Strong Knowledge of penetration testing, Red Team exercises and security assessments is highly desirable.

Preferred Education

MBA or Masters in a technical field would be beneficial

Responsibilities

* Managing a team of Security & Compliance specialist which are chartered with enhancing the security profile of the EBS application portfolio.
* Analyzing the state of security within the organization and developing, communicating and optimizing a roadmap to address challenges
* Developing and implementing comprehensive best practices across the application security discipline, institutionalizing, measuring and monitoring the effectiveness across the EBS portfolio.
* Creating an Application Security multi-year strategy, assessing current state and driving the organization toward higher levels of maturity and efficiency. This will include partnering with EBS Executives, stakeholders and vendor/partners.
* Partnering with the Application Security Architect in establishing "Security by Design" into all new services, while assessing and driving security enhancements across existing solutions.
* Developing the Security Assurance program for EBS, extending beyond traditional Compliance into security effectiveness and continuous assessment.
* Identifying and eliminating manual processes through the use of automation, especially in the areas of Compliance.
* Acting as the security representative for EBS across the various security working committees, partnering with the Global Information Security team and segment peers.