Staff Information Security Specialist (PCI)
At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
TWDC Information Security Governance, Risk Management, & Compliance provide organizational structure, processes, and oversight to ensure policies, standards, and management practices meet TWDC's information security objectives.
Responsibilities:
This Staff Information Security Specialist (PCI) role will be primarily responsible for supporting Disney's compliance with the Payment Card Industry Data Security Standard (PCI DSS). This includes supporting our internal and external PCI audits across multiple Segments. In addition to leading this audit support, the role will also play a key role in advocating for PCI compliance across multiple business, technology, and information security teams and processes. The nature of the process is to work with security/compliance point of contacts throughout the enterprise to confirm the scope of the environment, determine accountable signatories, create risk and control matrices, execute and document control tests, and produce compliance reports focused on control operating and design effectiveness.
The Staff Information Security Specialist (PCI) also works to establish new control assessment processes and procedures across the security community. The role works to identify needs for security assessment and facilitates the creation of repeatable and effective processes to fit the need. The Staff Security Specialist works with a variety of different controls and platforms and should be well versed in the most common security controls. The role also requires a thorough understanding of cross functional process development and expertise in managing the output and reporting of such processes.
Basic Qualifications:
- 5+ years in an information Security role accountable for assessing controls, including PCI, specifically
- 2 years in an Information Security Compliance and/or Control Assessment role that would include developing and implementing control assessment processes
- Experience in planning and executing PCI security audits and/or interfacing with external PCI auditors
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services
- Ability to analyze and interpret information and communicate effectively to all levels of leadership
- Experience assessing compliance, design and operational effectiveness of IT security controls in a large international company
Preferred Qualifications:
- External audit (e.g., Big Four) and /or internal audit (e.g., Fortune 500)
- 1+ years of program and project management experience
- International experience
- Merger/acquisition experience
- Experience implementing or assessing the security of IT systems.
- Knowledge of Cloud and Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.) and security tools (i.e. web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring, etc.)
- Experience presenting and influencing C-level executives on IT security matters
Education:
- 4-year degree (Computer Science, Risk Management, Information Assurance), Masters preferred.
- 1 or more Information Security Certification(s): such as CISA, CISSP, PCIP