Sr Security Specialist, Information Security
Burbank, CA

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

This position reports up through the Corporate Information Security Officer's organization, which is accountable for all security programs, initiatives, and activities within the Corporate segment. This function aligns Corporate segment programs with TWDC's information security objectives and provides management reports to TWDC Information Security Governance.

This includes:

* Managing information security risk
* Providing information security governance and management
* Overseeing control assurance, monitoring, and remediation
* Ensuring alignment with legal and regulatory requirements
* Delivering information security awareness, education, and training
* Providing situational leadership and support
* Publishing the status of Corporate's information security posture

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Security

Basic Qualifications

* Minimum 5 years in technology organizations with success in providing a security discipline within large organizations
* Must have thorough knowledge of information security components, principles, practices, and procedures
* Must have thorough knowledge of infrastructure security along with a solid understanding of common operating systems, networking protocols, database, and infrastructure management

Business

The Walt Disney Company (Corporate)

Required Education

* BA/BS in business or computer science or appropriate work experience

Preferred Qualifications

* CISSP, CISM, CISA or equivalent certifications

Postal Code

91502

Responsibilities

* Requires in-depth knowledge and experience in infrastructure security in a hosted environment
* Uses best practices and knowledge of internal or external business strategies, opportunities and trends to improve products or services
* Solves complex problems; takes a new perspective on existing solutions
* Works independently, receives minimal guidance
* Acts as a resource for colleagues with less experience
* Engages with cross-functional teams to perform information security assessments (scoping, evidence collection, reporting, process metrics, process improvement, and QA)
* Assesses and test controls and remediate control failures
* Gathers artifacts for internal and external assessments
* Addresses legal and regulatory requirements of systems falling within a compliance program and monitor compliance with ISPS
* Assists with security training, awareness, education, and communication
* Builds and fosters strong relationships, and collaborates closely with peers and partner groups in Corporate
* Knows and evaluates current policies to provide analysis and mitigation
* Aligns with metric based measurement of progress and provide input into dashboards regularly researches, learns, and evaluates solutions to address problems, close gaps, and improve functionality and operations

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

This position reports up through the Corporate Information Security Officer's organization, which is accountable for all security programs, initiatives, and activities within the Corporate segment. This function aligns Corporate segment programs with TWDC's information security objectives and provides management reports to TWDC Information Security Governance.

This includes:

* Managing information security risk
* Providing information security governance and management
* Overseeing control assurance, monitoring, and remediation
* Ensuring alignment with legal and regulatory requirements
* Delivering information security awareness, education, and training
* Providing situational leadership and support
* Publishing the status of Corporate's information security posture

Basic Qualifications

* Minimum 5 years in technology organizations with success in providing a security discipline within large organizations
* Must have thorough knowledge of information security components, principles, practices, and procedures
* Must have thorough knowledge of infrastructure security along with a solid understanding of common operating systems, networking protocols, database, and infrastructure management

Required Education

* BA/BS in business or computer science or appropriate work experience

Preferred Qualifications

* CISSP, CISM, CISA or equivalent certifications

Responsibilities

* Requires in-depth knowledge and experience in infrastructure security in a hosted environment
* Uses best practices and knowledge of internal or external business strategies, opportunities and trends to improve products or services
* Solves complex problems; takes a new perspective on existing solutions
* Works independently, receives minimal guidance
* Acts as a resource for colleagues with less experience
* Engages with cross-functional teams to perform information security assessments (scoping, evidence collection, reporting, process metrics, process improvement, and QA)
* Assesses and test controls and remediate control failures
* Gathers artifacts for internal and external assessments
* Addresses legal and regulatory requirements of systems falling within a compliance program and monitor compliance with ISPS
* Assists with security training, awareness, education, and communication
* Builds and fosters strong relationships, and collaborates closely with peers and partner groups in Corporate
* Knows and evaluates current policies to provide analysis and mitigation
* Aligns with metric based measurement of progress and provide input into dashboards regularly researches, learns, and evaluates solutions to address problems, close gaps, and improve functionality and operations