Compliance Manager
Job Summary:The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
In order to ensure that our services keep The Walt Disney Company (TWDC) secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are
continuous learners, passionate about information security and love their work.
TWDC Information Security Governance, Risk Management, & Compliance provide organizational structure, processes, and oversight to ensure policies, standards, and management practices meet TWDC’s information security objectives.
TWDC Information Security Compliance run ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting.
Responsibilities:Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Reviews and enhances network systems and processes for compliance with external regulations and internal standards. Proactively identifies non-conforming areas and assesses risk. Recommends and implements compliance measures. Provides leadership on compliance issues to solve challenging security compliance problems. Ensures documentation and reporting in support of analysis. Stays current on evolving legislative / regulatory changes related to security compliance.
Coordinates with multiple stakeholder groups across TWDC to optimize standards and procedures to assess and monitor information security risks resulting from the use of external service providers.
Responsible for the strategic and operational oversight of third party assessment related initiatives:
- Third party assessment planning, execution, and reporting
- Enhanced continuous monitoring of critical vendors
- Assessment of a variety of third party technology and business process solutions
- Third party contract review of information security language
- Review of various key third party compliance artifacts
Provide consulting to internal business partners regarding third party risk and business side responsibility for controls when engaging a third party to deliver business objectives.
Basic Qualifications:
- 10+ years of IT audit, or IT security and/or compliance experience
- Prior experience working within a global media or entertainment organization, supporting enterprise security functions
- Experience working with procurement and legal teams
- Knowledge of laws, regulations, and industry requirements related to Information Security (i.e. GDPR, Payment Card Industry, Domestic and International Privacy regulations)
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, hosted services and cloud computing environments
- Knowledge of configuration management, change control/problem management integration, risk assessment, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
- Must be a strategic thinker and operator capable of monitoring and commenting on complex business and security matters
- Must have ability to communicate effectively to all levels of the organization as well as to external stakeholders
- Must be able to establish credibility as a business partner respected by client-base with proven ability to gain “buy-in” from teams without direct line of authority
- Ability to develop consensus within an organization climate of diverse operational activities, cultures and geographic locations
- Project/program management and prioritization skills
- Financial acumen and experience managing budgets
Preferred Qualifications:
- External audit (e.g., Big Four) and /or internal audit (e.g., Fortune 500)
- 5+ years of program and project management experience
- 5+ years of experience in third party risk management or IT vendor management experience.
- 5+ years of experience managing budgets and reporting security risks
- Experience in implementing programs that assess compliance, design, operational effectiveness and resiliency of Third party services within a large international company
- Experience presenting and influencing C-level executives on IT security and matters
- Knowledge and experience applying common security frameworks such as MITRE, OWASP, PTES
- Knowledge of Cloud and Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.) and security tools (i.e. web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring, etc.)
- Experience with Security Scorecard or other vendor monitoring assurance service
- Experience creating and designing data analytics dashboards
Required Education
- 4-year degree Computer Science, Risk Management, Information Security and/or equivalent professional experience
- Cert/s such as CISSP, CISA, AWS
Preferred Education
- Master's degree in computer science or IT Security / IT Audit related field is preferred
- ISC2 CCSP, SANS, AZURE, GCP other relevant cybersecurity certification
- Tableau / PowerBI certification
Additional Information:DISNEYTECH
#LI-JH8