Job Summary:The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
The IT Security Architecture & Engineering team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions. We are a highly versatile and technical team, gleaning from network engineering, application security, architecture, risk assessment and control alignment. We are a team of security pros that are here to:

• Evaluate solutions and architectures to assess qualitative and quantitative risk
• Identify solutions to reduce risk and enhance our prevention and detection capabilities
• Conduct Threat Modeling

Responsibilities:The Manager, Information Security Architecture is responsible for evaluating a myriad of deployment scenarios, services, models and technology to ensure they are secure across the Walt Disney Company (TWDC). This role is highly versatile and gleaning from network engineering, application security, compliance, data, cloud and DevSecOps. This individual is responsible for providing leadership and guidance on the adherence to and implementation of the Company’s Information Security Policy and Standards (ISPS). Additionally, the individual will organize and facilitate various information security meetings and task forces across TWDC stakeholders to support our strategic programs. The position will report to Information Security Architecture & Engineering executive leadership.

• Lead, manage and deliver against our catalog of services including, but not limited to Risk Assessments, Security Positions and Advisory Services, by, or with the team.
• Partner with Information Security Architecture & Engineering leaders to define and mature our service offerings that aligns resources, processes, and communications across IT and business teams.
• Provide project leadership and guidance for selected projects or strategic programs during the planning, execution, delivery and wrap-up phases.
• Engage GIS, Enterprise Technology, and segment IT teams to ensure cross organizational activities and initiatives support and or align to SecArch&Eng team functional services and processes.

Responsibilities:

• Ensure processes are known, documented and properly performed to produce consistent, timely, high quality deliverables.
• Engage and track lessons learned and best practices towards continuous improvement.
• Assist with drafting proposals, and determining potential revisions or additions to existing services.
• Prepare and submit reports as needed to leadership (status, metrics).
• Assist in SecArch&Eng strategy and planning efforts per the fiscal year goals and objectives, and ensure alignment with GIS global strategy and TWDC business objectives.
• Partner with Information Security Architecture & Engineering leaders to track and improve operations efficiency, effectiveness and coverage. Continuously analyze and enhance team operations and domain risk metrics to assure relevance and support the achievement of goals.

Basic Qualifications:Minimum 10 years in technology organizations with 5-7 years of success leading a security discipline within large organizations.

• Demonstrated experience in information security, privacy or a data protection-related function
• Proven understanding of information security risk assessment and risk management procedures and methodologies.
• Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls.
• Strong knowledge of information security principles, standards, practices and technologies
• Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, Safe Harbor)
• Proven strong background in IT Security and Operational processes
• Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
• Demonstrated experience leading work of others
• Demonstrated strong organizational skills with attention to detail
• Proven ability to achieve results in a fast moving, dynamic environment
• Ability to develop strong working relationships
• Ability to multi-task and meet deadlines.
• Excellent communication, problem-solving and decision-making skills
• Practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices as well as latest scalable technologies

Preferred Qualifications:Prefer one of the following certification: CISSP, CISM, CISA or equivalent
Required EducationBA/BS in business or computer science or appropriate work experience
Preferred EducationMasters or other advanced degree preferred
Additional Information:DISNEYTECH