Intern, Cyber Risk and Compliance New York Summer 2022
Job Summary:At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts, and a cruise line to sports, news, movies, and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including a continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance, and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
Responsibilities:A Day in the Life…
This position reports to the Director – Cyber Risk, who is accountable for all information security risk programs, initiatives, and activities within the DMED segment. This function aligns DMED segment programs with Corporate information security objectives.
This included:
- Managing information security risk
- Providing information security governance and management
- Providing situational leadership and support
- Publishing the status of DMED’s information security posture
- Publishing reports and metrics to identify key areas that will significantly drive down risk
- Contribute to assessing and evaluating new automation tools
- Influence changes in current information security policies and standards to ensure the beneficial and practical impact to impacted stakeholders
- Build and foster strong relationships, and collaborate closely with peers and partner groups
- Research, learn, and evaluate solutions to address problems, close gaps, and improve functionality and operations.
Basic Qualifications:
- An interest in information security risk management and methodologies
- General understanding of how IT can introduce security risks and adversely impact an organization
- General understanding of IT and operational controls and how they can be used to reduce risk
- General understanding of IT policies, standards, and procedures and how they are used within an organization
- Ability to develop strong working relationships
- Ability to work with leadership to establish deliverables, timelines, and proactively provide updates to identify delays or impediments
- Strong communication (written and verbal), problem-solving, and decision-making skills
- Ability to apply newly gained skills in similar or new use cases
- Ability to take accountability for actions and view failures as learning opportunities
Preferred Qualifications:
- Basic/fundamental understanding of cloud infrastructure
- Ability to pivot and change direction while viewing these changes as opportunities rather than impediments
- Ability to take minimal instructions and develop options for discussion and implementation
- Prior exposure (in class or in practice) to information technology, information security, IT compliance, privacy, or a data protection-related program
Required EducationCurrently enrolled undergraduate student studying cybersecurity, computer science, information systems, or related field at an accredited college/university and returning to school following the internship
Preferred Education
Additional Information:Eligibility Requirements:
•At the time of application, must be enrolled in an accredited college/university taking at least one class in the semester/quarter (spring/fall) prior to participation in the internship program OR currently participating in a Disney College Program or Disney Professional Internship.
•Must be at least 18 years of age.
•Must not have completed one year of continual employment on a Disney internship or program.
•Must possess unrestricted work authorization.
•Must provide full work availability.
•Program Length: The approximate dates of this internship are May/June - August/September 2022. Interns must be fully available for the duration of a 10-12 week assignment.