Security Specialist, IT Compliance
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
To ensure that our services remain secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology.
This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
Responsibilities:
The Department develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of TWDC and allied assets and information.
The Security Specialist, IT Compliance responsibilities:
- Reviews and enhances network systems and processes for compliance with external regulations and internal standards.
- Proactively identifies non-conforming areas and assesses risk.
- Recommends and implements compliance measures.
- Provides leadership on compliance issues to solve challenging security compliance problems.
- Ensures documentation and reporting in support of analysis.
- Stays current on evolving legislative / regulatory changes related to security compliance.
The Security Specialist is primarily responsible for executing the internal assessment process for environments in scope for regulatory compliance. The nature of the process is to work with security/compliance points of contact throughout the enterprise to confirm the scope of the environment, determine the accountable signatory, prepare Assessment Questionnaires and Attestations of Compliance (AOCs), obtain signatures on AOCs, and submit AOCs to internal or external stakeholders.
The Security Specialist also works to establish new control assessment processes and procedures across the security community. The role works to identify needs for security assessment and facilitates the creation of repeatable and effective processes to fit the need. This role works with a variety of different controls and platforms and should be well versed in the most common security controls. It also requires a thorough understanding of cross-functional process development and expertise in managing the output and reporting of such processes. A relevant example would include a risk assessment process around administrative consent for productivity tools such as MS Office 365.
Basic Qualifications:
- 2-3 years in an Information Security role accountable for assessing controls OR...
- 2-3 years of IT audit and/or IT security and/or compliance experience that would include developing and implementing control assessment processes.
- Prior experience working within a global media or entertainment organization, supporting enterprise-level accounting and finance departments
- Working knowledge of the most common Information Security controls
- Working knowledge of regulatory requirements including PCI, SOX, GDPR, HIPAA
- Ability to analyze and interpret information and communicate effectively to all levels of leadership
Preferred Qualifications:
- External audit (e.g., Big Four) and/or internal audit (e.g., Fortune 500)
- 1+ years of Program and Project Management experience
- 1-3 years of experience in third party risk management or IT vendor management experience.
Required Education:
- Bachelor's Degree - field of study in Computer Science, Risk Management, Information Assurance
Preferred Education:
- Master's Degree in Computer Science or IT Audit related field is preferred
- IT Audit, IT Security
- Information Security Certification such as CISSP, PCIP, QSA etc.