Security Specialist - Information Security

Who We Are
At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
We Are Hiring! We need a Security Specialist - Information Security to join our Team!
What You Will Do
This Security Specialist - Information Security role will support the team as a Solutions Architect. You will play a crucial role in designing and implementing security strategies that meet the needs of the business. You will focus on designing, implementing and managing comprehensive security solutions to protect systems, data and applications from cyber threats. You will conceptualize and develop solutions to improve security posture and lead projects from conception to design to implementation.
Responsibilities

• Work with Security Solution Architects to develop solutions that meet or exceed company security requirements and are tailored to address the needs of the Segment.
• Participate in the development of execution plans to implement short- and long-term security goals.
• Conduct security risk assessments to identify vulnerabilities and gaps in new and existing standalone systems or systems with limited integrations.
• Propose mitigation strategies for consideration in the overall architecture.
• Work with Segment teams to provide security policy guidance for infrastructures, applications, and cloud platforms.
• Collaborate with technical teams to ensure security considerations are factored into all technology projects.
• Participate in the development of security policies, standards, and best practices to maintain compliance and improve overall security posture.
• Educate technical teams on systems that detect and respond to security breaches or incidents.
• Evaluate third party service provider integrations for compliance with information security policies and standards and prepare appropriate documentation

Must Have

• Minimum of 3+ years of demonstrated experience in a structured security program
• Knowledge of cybersecurity frameworks (e.g. NIST, ISO27001)
• Working knowledge of network and IT security components, including firewalls, intrusion detection systems, anti-malware software, data encryption, VPN's, vulnerability scanners, server operating systems, and other industry-standard techniques and practices
• Knowledge of common web and mobile application vulnerabilities, such as the OWASP Top 10 for web and mobile, and ability to provide solutions
• Basic understanding of cloud platforms (e.g. AWS, Azure, Google Cloud)
• Ability to identify risk and develop appropriate mitigation plans to reduce or eliminate risk
• Experience working with confidential information
• Understanding of project management principles
• Proven ability to work effectively in a fast-paced environment as part of a high-performance team

Nice To Have

• Working toward security accreditation (i.e., CISSP, GSEC, GCIH, GPEN, GWAPT, GMOB, CEH)
• Knowledge of security related legislation/regulations with emphasis on PCI and data privacy

Education

• Bachelor's degree and/or equivalent work experience