Sr Manager, Application & Infrastructure Risk Management
The End-User and Technical Operations organization is responsible for monitoring and managing the end-to-end delivery and support of enterprise technology services across The Walt Disney Company and its' business segments. This organization is responsible for ensuring adherence to defined service levels and completion of approved work. Conduct service improvement initiatives through proactive monitoring and improvement actions identified through analytics and by our Customers. Leverage partnerships with the Business, Customer base and the Suppliers to successfully deliver services to meet agreed upon expectations. Coordinate and lead the resolution of service delivery issues/problems between in-scope and out-of-scope groups. Define and maintain all aspects of a product and/or service including what the product is, what services are included, how to request or obtain the product, service level options and what the product or service costs. Develop and manage project timelines and resources to ensure requirements are understood, dependencies are defined, a design is developed, and the solution is implemented and supported.
The Sr. Manager IT Infra and Application Risk will define Disney's Enterprise Technology IT strategic risk management frameworks, developing risk policies, governance and regulatory guidance through execution of collaborative IT risk management organization that measurably reducing our overall IT Infra and Application risk exposure. In partnership with the other Disney Enterprise Technology risk leaders and colleagues, the Sr. Manager IT Vulnerability and Risk management provides thought leadership on IT risk strategy and driving key risk reduction results through experienced execution of the work function, holistic development of risk metrics and reporting, and also serves as a key IT risk leader across firm-wide business segments and partners.
Responsibilities :
The Sr. Manager of IT Risk Management is responsible for driving an enterprise class IT Infra and Application Risk Management function including performing risk Management (inclusive of assessments, reports, escalations), Compliance (inclusive of control assessment and governance), and supporting strategic planning, and functional management as part of our Enterprise Technology leadership team. The Sr. Manager is an experienced IT risk management thought leader, drawing on extensive real-world experience in similar enterprise positions and possessing the ability to interact and influence leadership and staff at all levels. The position requires excellent program management and communication skills, strong knowledge of infrastructure and application technology risk controls, and solid experience and expertise with execution of risk management, security, and data privacy frameworks. Overall Responsibilities include:
Leadership and Management
- Leadership, integrity, and credibility will be determining factors in selection. Successful candidates will be articulate and possess a demonstrated leadership capability. The position requires a leader with strong relationship management, influencing, vision and organizational execution skills. A key differentiator will be the ability to understand, operate and lead in a complex, environments.
- Providing subject matter expertise, advising on IT Infra and Application risk management best practices, conducting risk analysis, and communicating with risk stakeholders overseeing and supporting our front line execution of requisite controls, processes, and systems complying with defined operational risk frameworks, policies, and service levels.
- Participation in formal risk governance bodies, development of risk management capabilities, adherence to regulations and management of IT Infra and Application risk controls within established risk policy tolerances.
- Accountable for recruiting, hiring, developing and retaining top talent with diverse backgrounds and skills in IT Risk Management. The role will include participation in leadership activities, strategies and initiatives to further and mature Disney's Enterprise Technology's risk capabilities.
- Escalating clearly Infra and Application risk concerns and issues (including exceeded relevant risk tolerances and limits) to senior management.
- Develop and sustain a strong risk culture including a balanced approach through working in cooperation and consultation with all lines of defense across Enterprise Technology.
- Establish and monitor Key Risk Indicators, proactively track and govern corrective action plans that mitigates risks and ensuring remediation due dates are not missed
Technology Focus
- Deep knowledge and understanding of Infrastructure and Application architectures, providing insights and understanding of inherent technology risks across networks, infrastructure, applications and cloud platforms.
- Adhering to IT Risk Policies and controls throughout lifecycle of Infrastructure and Applications
- Prepare both high level and detailed technical assessments in accordance with infrastructure security and application architecture objectives
Strategy
- This leader provides business and IT management thought leadership and strategic guidance, governance of Disney's Enterprise Technology IT risk management framework focused on applying application and infrastructure risk controls.
- Provide advice and strategic counsel to executives and senior management, as requested, enhancing their ability to effectively anticipate and manage Infra and Application risks
- Considering potential reputational risk to The Walt Disney company, developing and implementing policies that are designed to demonstrate compliance with industry regulations.
- Maintain continuous awareness of potential Emerging Infra and Application risks. Ensure proper tracking, visibility and response programs for all new technology initiatives.
Basic Qualifications :
- 5 Years of leadership and delivery of enterprise vulnerability management programs and organizations
- 5 Years managing day to day business of infrastructure and application in many aspects of IT Risk, Control and governance
- 5+ years leading vulnerability incident response with multi-disciplined geographically dispersed teams in a Fortune 500 organization
- 5+ years of experience in either a large IT shared services organization or outsourced environment •
- Experience in enterprise scale IT departments highly desired
- Experience with outsourced IT environments highly desired
- Experience supporting diverse portfolios, multiple business applications and IT services
- Experience working in a 24x7 IT operations environment.
- Demonstrated experience in systems integration, application infrastructure
- Knowledge and understanding of regulatory compliance requirements surrounding HIPAA, PCI, GLBA, SOX and SOC reporting
Preferred Qualifications:
- 5-8 years of experience as an Application Security Analyst or IT Risk Analyst
- Deep knowledge and inner workings of application and infrastructure architectures, including AWS, Azure, SAP
- Professional IT Risk Certifications including but not limited to: CISSP, CISM CRISC, CISA, CGEIT
Required Education :
- BA/BS in Computer Service Management, Science, Engineering or related field. Equivalent work experience would be considered in lieu of degree
Preferred Education :
- Master's in IT Systems or Business Administration (MBA) or MS in technical discipline
Additional Information :
DISNEYTECH
#LI-JH8