Senior Application Security and Compliance Specialist
Burbank, CA

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. The Enterprise Technology organization drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

This role is part of the Enterprise Business Systems (EBS) organization. Our mission is to provide business technology solutions for the enterprise that empower growth, and enhance value across brands, geographies and organizations.

The Application Support and Operations group is part of the EBS organization. We are responsible for excellence in operating business systems and processes in support of the enterprise. We lead with a culture of continuous improvement, innovation and automation.

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Technology

Basic Qualifications

* Minimum of 8 years in IT security in an environment of similar size/complexity
* 3+ years experience operating in an application development environment, with emphasis in agile development
* 3+ years experience in compliance management within a regulated environment (SOX, GDPR, HIPAA)
* Must have thorough knowledge of information security components, principles, practices, and procedures.
* Strong knowledge of industry and regulatory requirements (i.e., SOX, GDPR, HIPAA)
* Must have strong knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
* Requires one of the following certifications: CISSP, CISM, CISA or equivalent

Business

The Walt Disney Company (Corporate)

Required Education

* Bachelor's Degree in Computer Science, Information Systems, Engineering, or related technical field

Preferred Qualifications

* 4+ years experience in Secure Software development, with experience in a Continuous Integration / Continuous Deployment / DevOps environment is preferred
* Strong knowledge of penetration testing, Red Team exercises and security assessment is highly desirable.

Postal Code

91502

Responsibilities

We look to add team members who are focused on delivery, passionate about customer service, make data-driven decisions, are life-long learners, and prefer to work in a high-tempo, problem-solving work environment.

The Sr. Application Security & Compliance Specialist is a security expert, who drives decisions based on risk and business impact. The role is part of the EBS Security & Compliance team, focused on application security, compliance and controls assurance. This role will focus on ensuring EBS systems are built to, and remain compliant against, the security standards of The Walt Disney Company. This role will support the EBS "Security by Design" initiative, partnering with stakeholders to identify and drive improvements in the software development lifecycle across the portfolio. In addition, this role is part of the team responsible for the compliance of the EBS portfolio, partnering with service line owners to ensure regulatory and industry statues are met.

Your responsibilities will include:

* Enhancing the security profile of the EBS application portfolio through the recommendation and implementation of appropriate controls, conducting periodic audits and taking a continuous improvement approach to security.
* Acting as the application security focal point for periodic regulatory, industry and TWDC audits, working with auditors and technology partners to validate compliance
* Analyzing the state of security within an assigned portion of the EBS portfolio, producing finding reports and developing roadmaps to address challenges
* Partnering with Application owners to address security & compliance needs. The Sr. Specialist is expected to analyze and recommend solutions.
* Contributing to the development and implementation of comprehensive best practices across the application security discipline, institutionalizing, measuring and monitoring the effectiveness across the EBS portfolio.
* Partnering with the Application Security Architect in establishing "Security by Design" into all new services, while assessing and driving security enhancements across existing solutions.
* Leveraging the EBS Security Assurance program, extending beyond traditional Compliance into security effectiveness and continuous assessment.
* Identifying and eliminating manual processes through the use of automation, especially in the areas of Compliance.
* Partnering with the Global Information Security team and segment peers in the spirit of partnership and on-going professional development.

Critical Competencies:

Leadership:

* A self-starter, who can effectively navigate a complex organizational structure, managing teams through influence and direct line management.
* Ability to establish executive level relationships across the various business and technology executives within TWDC.
* Establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
* A person that can decide and act without having the total picture and is comfortable handling risk and uncertainty.

Execution:

* Deep application and security expertise will be essential, as success will be accomplished through a matrixed environment of internal and external partners, and suppliers.
* Equally comfortable with executives, manager-level stakeholders, architects and developers--this is a hands-on position with regards to people and detail.
* Extensive knowledge of the enterprise technology landscape and ability to leverage that knowledge in delivering business outcomes with speed.
* A practitioner of Application Security & Compliance principles and can effectively proceed through review boards and other activities.

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. The Enterprise Technology organization drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

This role is part of the Enterprise Business Systems (EBS) organization. Our mission is to provide business technology solutions for the enterprise that empower growth, and enhance value across brands, geographies and organizations.

The Application Support and Operations group is part of the EBS organization. We are responsible for excellence in operating business systems and processes in support of the enterprise. We lead with a culture of continuous improvement, innovation and automation.

Basic Qualifications

* Minimum of 8 years in IT security in an environment of similar size/complexity
* 3+ years experience operating in an application development environment, with emphasis in agile development
* 3+ years experience in compliance management within a regulated environment (SOX, GDPR, HIPAA)
* Must have thorough knowledge of information security components, principles, practices, and procedures.
* Strong knowledge of industry and regulatory requirements (i.e., SOX, GDPR, HIPAA)
* Must have strong knowledge of web application, infrastructure, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
* Requires one of the following certifications: CISSP, CISM, CISA or equivalent

Required Education

* Bachelor's Degree in Computer Science, Information Systems, Engineering, or related technical field

Preferred Qualifications

* 4+ years experience in Secure Software development, with experience in a Continuous Integration / Continuous Deployment / DevOps environment is preferred
* Strong knowledge of penetration testing, Red Team exercises and security assessment is highly desirable.

Responsibilities

We look to add team members who are focused on delivery, passionate about customer service, make data-driven decisions, are life-long learners, and prefer to work in a high-tempo, problem-solving work environment.

The Sr. Application Security & Compliance Specialist is a security expert, who drives decisions based on risk and business impact. The role is part of the EBS Security & Compliance team, focused on application security, compliance and controls assurance. This role will focus on ensuring EBS systems are built to, and remain compliant against, the security standards of The Walt Disney Company. This role will support the EBS "Security by Design" initiative, partnering with stakeholders to identify and drive improvements in the software development lifecycle across the portfolio. In addition, this role is part of the team responsible for the compliance of the EBS portfolio, partnering with service line owners to ensure regulatory and industry statues are met.

Your responsibilities will include:

* Enhancing the security profile of the EBS application portfolio through the recommendation and implementation of appropriate controls, conducting periodic audits and taking a continuous improvement approach to security.
* Acting as the application security focal point for periodic regulatory, industry and TWDC audits, working with auditors and technology partners to validate compliance
* Analyzing the state of security within an assigned portion of the EBS portfolio, producing finding reports and developing roadmaps to address challenges
* Partnering with Application owners to address security & compliance needs. The Sr. Specialist is expected to analyze and recommend solutions.
* Contributing to the development and implementation of comprehensive best practices across the application security discipline, institutionalizing, measuring and monitoring the effectiveness across the EBS portfolio.
* Partnering with the Application Security Architect in establishing "Security by Design" into all new services, while assessing and driving security enhancements across existing solutions.
* Leveraging the EBS Security Assurance program, extending beyond traditional Compliance into security effectiveness and continuous assessment.
* Identifying and eliminating manual processes through the use of automation, especially in the areas of Compliance.
* Partnering with the Global Information Security team and segment peers in the spirit of partnership and on-going professional development.

Critical Competencies:

Leadership:

* A self-starter, who can effectively navigate a complex organizational structure, managing teams through influence and direct line management.
* Ability to establish executive level relationships across the various business and technology executives within TWDC.
* Establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
* A person that can decide and act without having the total picture and is comfortable handling risk and uncertainty.

Execution:

* Deep application and security expertise will be essential, as success will be accomplished through a matrixed environment of internal and external partners, and suppliers.
* Equally comfortable with executives, manager-level stakeholders, architects and developers--this is a hands-on position with regards to people and detail.
* Extensive knowledge of the enterprise technology landscape and ability to leverage that knowledge in delivering business outcomes with speed.
* A practitioner of Application Security & Compliance principles and can effectively proceed through review boards and other activities.