Job Summary:At Disney, we’re storytellers.
We make the impossible, possible.
The Walt Disney Company is a world-class entertainment and technological leader.
Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses.
Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise.
We are here to protect the brand and reputation while enabling and supporting the business units.
GIS teams are located in Seattle, Glendale, and Orlando.In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats, as well as changes in business and technology.
This process includes:Analysis of known and emerging threats to determine risks against TWDC assets; Creation, maintenance, governance and communication of security policies and standards across TWDC; Assessment and audit of compliance against the security policies and standards; Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria.We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.The Technology Risk Management team operates as trusted advisors to ensure risks to the confidentiality, integrity, and availability of TWDC data and services are identified and assessed, while driving for risks to be managed at an acceptable level.
This is accomplished by analyzing identified risks, key risk measures, and control measurements across the technology environment; while also engaging keystakeholder and leveraging the risk management framework.Responsibilities:The Senior Security Specialist, Risk Management is responsible for supporting the strategic advancement and the operational excellence of Technology Risk Management’s functions, including but not limited to:Risk Analysis & ReportingCompile risk artifacts and perform risk analysis of strategic technology risks, supporting artifacts, historical losses, technology measurements and projects.Identify, qualify and prioritize technology risks to TWDCAnalyze, measure, and monitor a breadth of technology risks and facilitate treatment decisions.Develop and provide risk (reporting) content for various operational and senior-leadership meetings, briefings and dashboards.Develop and refine key risk indicatorsAssist in the design of risk dashboards at executive, operational, and tactical levelsEngagement, Advisement, & Communication:Support and partner with other GIS teams and TWDC Segments/ business partners on technology risk management mattersGuide and advise partner teams on relevant risk management processes and risk reduction strategiesCommunicate both verbally and in writing with team members and management on risk management issuesProgram & Task ManagementDevelop and contribute content for program materials (i.E.
strategy, procedures, policies, training) and other supporting documentationManage vendor/ contractors for identified effortsBasic Qualifications:Minimum 3 years in technology organizations, with 7-10 years of information security / risk/ assurance work experience supporting a moderate to large organizationExperienced with Microsoft suite, e.G.
Word, Excel, PowerpointProven understanding of information security principles, risk assessment and risk management procedures and methodologies.Strong analytical skills; ability to analyze collected data, interpret results, and create related reportsAbility to multi-task, manage, prioritize and organize one’s own time while delivering accurately, on time, and with attention to detail.Ability to understand and articulate complex business/risk management issues in a clear, concise, and easily consumable audience-specific format; especially executive-level messagingAbility to develop strong and effective working relationshipsAble to problem-solve and perform necessary research to identify relevant artifacts or solutionsMust have situational awareness and ability adjust conversation and approach based on culture/ environmental factorsMust have clear and concise verbal and written communications skills; ability to articulate recommendations and risk interpretations in a clear, concise and audience-specific formatAble to proactively provide status and concerns that may impact the execution of assigned project or tasksPreferred Qualifications:Required: BA/BS in business, or BA/BS in cyber security or computer science related field, or equivalent military experienceAdditional Information:DISNEYTECH