Sr Security Specialist, Compliance
Burbank, CA

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The GIS Compliance team ensures that information security controls are operating effectively to protect the confidentiality, integrity, and availability of TWDC data. This is accomplished through measurement of key metrics and coordination with control owners across the enterprise.

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Technology

Basic Qualifications

* Minimum 5 years in technology organizations with 2-3 years working in either information security or compliance discipline within large organizations
* Demonstrated experience in information security, privacy or a data protection-related function
* Proven understanding of information security risk assessment and risk management procedures and methodologies
* Ability to work with large data sets and apply analysis for generating reports and/or dashboards (e.g., tableau)
* Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls
* Strong knowledge of information security principles, standards, practices and technologies
* Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, GDPR, etc.)
* Strong background in IT Security and Operational processes
* Demonstrated strong organizational skills with attention to detail
* Proven ability to achieve results in a fast moving, dynamic environment
* Ability to develop strong working relationships
* Ability to multi-task and meet deadlines
* Excellent communication, problem-solving and decision-making skills
* Require one of the following certification: CISSP, CISM, CISA or equivalent

Business

The Walt Disney Company (Corporate)

Required Education

BA/BS in business or computer science or appropriate work experience

Postal Code

91502

Preferred Education

Masters or other advanced degree preferred

Responsibilities

The Senior Security Specialist, Compliance role is responsible for validating that enterprise control assessment activities are conducted in accordance with policy and regulatory requirements. This role will work with information security teams across all Segments to collect, analyze, and report on operational control effectiveness information. This information will be used to validate the extent of compliance with information security policy and help drive improvements to the Company's security posture. Additional responsibilities include, but are not limited to:

* Operationalizing the TWDC Global Information Security Compliance validation strategy
* Leveraging the control validation framework to gather and analyze enterprise and Segment specific data
* Ensuring communication and awareness of the TWDC Information Security control validation framework
* Logging, monitoring, and analysis of control validation data
* Creating and maintaining IT compliance metrics and data
* Supporting segment information security strategies and management reporting
* Acting as a subject matter expert and engaging with cross-functional teams
* Identifying and designing control effectiveness monitoring automation
* Compliance dashboard creation and maintenance
* Perform scheduled and ad hoc control validation assessments

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The GIS Compliance team ensures that information security controls are operating effectively to protect the confidentiality, integrity, and availability of TWDC data. This is accomplished through measurement of key metrics and coordination with control owners across the enterprise.

Basic Qualifications

* Minimum 5 years in technology organizations with 2-3 years working in either information security or compliance discipline within large organizations
* Demonstrated experience in information security, privacy or a data protection-related function
* Proven understanding of information security risk assessment and risk management procedures and methodologies
* Ability to work with large data sets and apply analysis for generating reports and/or dashboards (e.g., tableau)
* Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls
* Strong knowledge of information security principles, standards, practices and technologies
* Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, GDPR, etc.)
* Strong background in IT Security and Operational processes
* Demonstrated strong organizational skills with attention to detail
* Proven ability to achieve results in a fast moving, dynamic environment
* Ability to develop strong working relationships
* Ability to multi-task and meet deadlines
* Excellent communication, problem-solving and decision-making skills
* Require one of the following certification: CISSP, CISM, CISA or equivalent

Required Education

BA/BS in business or computer science or appropriate work experience

Preferred Education

Masters or other advanced degree preferred

Responsibilities

The Senior Security Specialist, Compliance role is responsible for validating that enterprise control assessment activities are conducted in accordance with policy and regulatory requirements. This role will work with information security teams across all Segments to collect, analyze, and report on operational control effectiveness information. This information will be used to validate the extent of compliance with information security policy and help drive improvements to the Company's security posture. Additional responsibilities include, but are not limited to:

* Operationalizing the TWDC Global Information Security Compliance validation strategy
* Leveraging the control validation framework to gather and analyze enterprise and Segment specific data
* Ensuring communication and awareness of the TWDC Information Security control validation framework
* Logging, monitoring, and analysis of control validation data
* Creating and maintaining IT compliance metrics and data
* Supporting segment information security strategies and management reporting
* Acting as a subject matter expert and engaging with cross-functional teams
* Identifying and designing control effectiveness monitoring automation
* Compliance dashboard creation and maintenance
* Perform scheduled and ad hoc control validation assessments