Staff Security Specialist
The Walt Disney Company
Date: 7 hours ago
City: Burbank, CA
Salary:
$126,400
-
$169,500
per year
Contract type: Full time
Department Description
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:
Global Information Security (GIS) supports all of Disney’s business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney’s streaming services—Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service—as well as Disney’s broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers.
What You’ll Do:
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:
- Secure the Magic by protecting information systems and platforms.
- Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
- Strengthen the business through optimizing execution, application, and technology used to protect the Company.
- Innovate by investing in core capabilities to enhance operational efficiency.
Global Information Security (GIS) supports all of Disney’s business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney’s streaming services—Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service—as well as Disney’s broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers.
What You’ll Do:
- Independent audit support for:
- SOX 404 ITGCs
- PII
- PCI
- ISPS
- Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs.
- Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments.
- Develop and lead the Control Assurance Programs (ISPS and SOX).
- Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding.
- Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company’s automated controls.
- This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control.
- Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment.
- Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products)
- Ensure for timely management response of audit findings into our corporate SOCD/SAD.
- Oversee ISPS Management Audit coordination and open action plans.
- Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands.
- Management of GRC workflows around coordination of certifications and attestations.
- Partner with leadership to support the PCI-DSS compliance program.
- Develop training materials, coordinate training sessions, and monitor compliance with training requirements.
- Minimum of 7 years of related work experience
- IT SOX experience and proven experience in supporting IT audit/compliance functions
- Experience in people managing
- Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives
- Interpersonal skills with the ability to work with teams cross-functionally
- Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators
- Detail-oriented but able to understand the big picture. Highly organized and efficient
- Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments
- Experience with cloud-based services, specifically AWS
- Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR
- Experience working with companies that have a heavy microservice architecture
- Bachelor’s degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resume