Manager - Information Security

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:
•    Secure the Magic by protecting information systems and platforms.
•    Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
•    Strengthen the business through optimizing execution, application, and technology used to protect the Company.
•    Innovate by investing in core capabilities to enhance operational efficiency.

The DE Cyber Risk department consists of a global team of cast members, contingent workers, and contractors whose primary objective is to “Secure the Magic”. This objective is met by acting as a trusted partner with global technology teams and business partners to analyze, mitigate, and report upon security risks within their environments. We provide security advice and support to ensure security requirements are met and aligned with Disney Information Security Policies and Standards. 

 
Our span of control includes assessing the risk and control design associated with third-parties, internal applications, new product deployments, and infrastructure changes to ensure systems are within risk tolerance. The department also maintains strong partnerships with other technical security teams such as security architecture, product security, and content protection within DE and the larger Global Information Security (GIS) department.

Responsibilities:

• Manage expansion and maturity of the following Disney Entertainment (DE) Information Security Office (ISO) services & programs within countries that include the South East Asia (e.g., Singapore, Indonesia, Thailand, Philippines), Australia, and India.
• Security baseline and monitoring of business-critical products
• Pervasive risk monitoring and reporting
• Security champions program
• Vendor risk management 
• Risk assessments 
• Risk Acceptance 
• Security training and awareness
• Partner with executive management, department leaders, and corporate services to seamlessly integrate security into existing processes, ensuring that business operations remain uninterrupted
• Provide executive management and department leaders visibility into key risks impacted the region
• Ensure alignment between information security strategies, and business objectives and roadmaps
• Ensures programs are in compliance with corporate policies and standards, and other applicable laws & regulations. 
• Serve as subject matter expert to internal business and IT partners on corporate policies, applicable compliance standards (e.g., PCI, relevant privacy regulations, etc.) and industry-best practices (e.g. ITIL, COBIT, ISO 27001) 
• Build a strong understanding of the business environment to identify, mitigate, and remediate risk 
• Research, learn, and evaluate solutions to address complex problems
• Stay current on market developments to identify emerging security technologies, risks and trends to ensure that computing environment keeps pace with security technology and risk landscape evolution 
• Identify and establish process improvements, automation and innovation opportunities to simplify, standardize and improve security services
• Manage, prioritize, and proactively report on the status of assigned projects and/or team deliverables to impacted stakeholders
• Through example and behavior, strive to provide leadership to direct reports and other team members with the goals of providing service excellence

Requirements:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or comparable field of study, and / or equivalent work experience    
• At least 7 years of experience in Information Technology
• At least 5 years of experience in Risk Management, Information Security, or Audit & Compliance
• At least 3 years of leadership experience, including team management and oversight of direct reports.
• Hands-on experience with regulatory security frameworks, including ISO standards
• Experience of interpreting and assessing risk based on information from numerous sources to form practical and operational realistic solutions
• Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2, NIST, PCI requirements etc.
• Working knowledge of cloud infrastructure and security principles
• Knowledge of conducting risk assessments using industry recognized risk management methodologies
• Progress toward one or more industry-recognized certifications (e.g., CISA, CISM, CRISC, ISO 27001, CCSP, CISSP, Security+)
• Master’s degree in computer science, information security, or a related technology discipline
• Proficient understanding of security and vulnerability detection tools, such as Tenable, Qualys, CrowdStrike, and Prisma
• Demonstrated experience in large enterprise environments and/or within a Big 4 accounting firm

The Walt Disney Company is an Equal Opportunity Employer. We strive to be a diverse workforce that is representative of our audiences, and where all can thrive and belong. We are committed to building a team that includes and respects a variety of voices, identities, backgrounds, experiences and perspectives.

The Walt Disney Company is an Equal Opportunity Employer. We strive to be a diverse workforce that is representative of our audiences, and where all can thrive and belong. We are committed to building a team that includes and respects a variety of voices, identities, backgrounds, experiences and perspectives.