Director, Product Security
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
The Product Security team exists to ensure that our guests are protected and have a magical experience. We protect our guests and the Disney brand by partnering with product development teams at every phase of the product development lifecycle. We assess and influence product design, we analyze applications for flaws that may lead to security risks, and we provide penetration testing to ensure Disney products are secure.
We are looking for an experienced product security leader to own the existing product security program and team. You will have the opportunity to work with a highly capable team of engineers while partnering with a diverse set of product teams working on well-known and critical products. You will have the opportunity to work on projects that support Marvel, ABC News, ESPN, National Geographic, and Disney’s distribution pipeline that feed Disney+ and ESPN+.
Responsibilities :
- Build, own, and operate enterprise service(s) in support of the DMED Product Security program.
- Establish strategy, goals, and execution plans to effectively reduce product and services risks for DMED segment.
- Build strategies and plans that hold a high bar for security and operational excellence.
- Enable DMED engineering teams to innovate quickly with security in mind by building “paved roads” that lead to products that are designed, built, and operated with security best practices in mind.
- Maintain and continue to build a team of high performing engineers and engineering leaders. Mentor team members in career growth.
- Communicate strategies to other executives (Directors, VPs, SVPs). Influence partner engineering organizations to improve the security of their products.
- Produce meaningful executive dashboards, KRIs, metrics, and reports.
- Participate in executive escalations to help risk owners make informed risk decisions.
Basic Qualifications :
- 8+ years leading multiple teams in a large enterprise.
- Experience leading security engineers at every level (Jr, Sr, Staff) and a track record of promoting engineers.
- Ability to break down and communicate technically complex security situations and impacts for a non-technical audience
- Demonstrated knowledge of general security threats, attack vectors, and vulnerabilities.
- Effective communication skills across all organization and technological levels.
- Demonstrated ability to lead teams and programs in a challenging, dynamic, and fast-paced environment with the ability to prioritize resources
- 15+ years working in Internet related fields, and an advanced understanding of the related job functions.
- Experience developing applications (Web, mobile, api)
- Understanding of infrastructure and application architecture with emphasis on security by design.
- Demonstrate strong technical capability and experiences across a broad range of technical disciplines.
- Proven experience and in-depth knowledge with software development methodologies, CI/CD, and DevSecOps.
- Knowledge of public cloud services (AWS, Azure, GCP, etc.)
- Knowledge of IaC (Infrastructure as Code) and supporting technologies (Cloud Formation, Terraform, etc.)
- Cloud infrastructure architecture and cloud resources configurations
- Multi-cloud and on-prem architecture, including networking and firewall requirements and design
- Experience building, owning, and operating an enterprise service pertaining to product security
Required Education :
- BA/BS in Computer Science, Computer Engineering, Information Systems or Information Security preferred, or equivalent experience.
- Security+, CISSP, or other general information security certifications