Sr Manager - Technology Risk Management
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We are here to protect the brand and reputation while enabling and supporting the business units. GIS teams are located in Seattle WA, Burbank CA, and Orlando FL.
We leverage a common, streamlined, agile and documented engagement model to gain efficiencies, increase visibility and ensure we are doing the most valuable work. This is a highly involved leadership position and we want to add people to our team who are also responsive to change, focused on delivery, continuous learners, passionate about security and love their work.
Our mission includes:
- Analyzing threats and risks
- Setting and managing security policies and standards
- Assessing compliance
- Delivering secure development consulting and services
- Assuring effective and efficient operations
The Technology Risk Management team ensures risks to the confidentiality, integrity, and availability of TWDC data and services are identified, assessed, and maintained at acceptable levels. This is accomplished through analysis using the risk management framework, measurement of the maturity of key technology controls, including information security, and measurement of key risk metrics across information technology.
Responsibilities :
The Sr. Manager of Technology Risk Management is responsible for ensuring strategic advancement and operational excellence of all technology risk management activities, including but not limited to:
- Maturing the TWDC Technology Risk Management strategy and risk analysis framework
- Ensuring communication and awareness of the TWDC Technology Risk Management framework
- Ensuring IT risks are appropriately analyzed and managed within risk appetite tolerance and limits
- Assessing the maturity of technology risk related services within GIS and across TWDC
- Tracking and updating technology risks from identification, assessment, and treatment resolution
- Managing the definition, aggregation, and reporting of IT risk metrics and data
- Supporting Segment technology risk strategies and management reporting
- Acting as a subject matter expert and engaging with cross-functional teams coaching, mentoring and feedback
- Maintain a strategic framework for guiding year-over-year technology risk investment decisions, defined with sustainable metrics for measuring performance and outcomes
- Collaborate closely with direct reports and peers from partner groups within GIS and across the Enterprise; as well as close partnership across Segment leaders to influence and improve Technology Risk Management
Leader of Team and People Manager:
- Build and retain a high performing team capable of adapting to a rapidly changing technology and threat landscape
- Manage and mentor direct reports to excel in the quality, delivery and engagement of their work
- Build and manage financial plans and operating budgets for Technology Risk team
- Provide active and frequent coaching to direct reports
- Seek coaching and active feedback from peers and leadership
- Lead positive change efforts by guiding the team and customers through awareness, buy-in, commitment and acceptance, resulting in enhanced business performance
- Ensure the team is delivering on projects and commitments
- Promote a “one team” culture through collaboration and teamwork
- Ensure work is prioritized and team is clear on expectations for quality, timeliness and accuracy
Basic Qualifications :
- Minimum 10 years in technology organizations with 3-5 years of success leading a technology or information security risk discipline within large organizations.
- Demonstrated experience in information security, privacy or a data protection-related function
- Proven understanding of information security risk assessment and risk management procedures and methodologies.
- Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls.
- Strong knowledge of information security principles, standards, practices and technologies
- Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, Safe Harbor)
- Proven strong background in IT Security and Operational processes while leading work of others
- Demonstrated strong organizational skills with attention to detail
- Proven ability to achieve results in a fast moving, dynamic environment
- Ability to develop strong working relationships while multi-tasking to meet deadlines
- Excellent communication, problem-solving and decision-making skills
Preferred Education :
- One of the following certifications: CISSP, CISM, CISA, or equivalent
Additional Information :
DISNEYTECH
#LI-JH8