Job Description
This candidate is responsible for evaluating and assessing the risk of various deployment scenarios (e.g., on-prem, cloud, hybrid), services, models, and technology to ensure they are secure and compliant across the Walt Disney Company.
This role is highly versatile and technical and requires broad exposure and experience across security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.
While familiarity and experience with various security tools prevalent in today's information technology enterprise is highly beneficial, this role requires candidates to think critically and holistically about cybersecurity risk.
The candidate should not rely solely on the use or output of cybersecurity tools to assess the risk of an application or service.
A viable candidate should be able to effectively articulate the risk associated with an application or service based on evaluation of its design and configuration, data classification and flow, security control alignment, current and emerging threats, and practical experience.
RESPONSIBILITIES
- Provides situation-based support, using in-depth knowledge of industry technology, controls, and policies to ensure system designs align with Disney security requirements and industry best practices.
- Creates, reviews, and presents security architecture reviews and cybersecurity risk assessments to the team (peers), executive leadership, and customers.
- Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents.
- Develops and documents technical solutions that meet specifications and impact future developments (e.g., process flows, requirements documents, data flows, mapping to controls).
- Identifies, selects, develops, and documents architecture artifacts (reference architectures, standards, policies, reusable designs, best practices).
- Researches, learns, and evaluates new technologies.
- Leads discussions, assessments, tracking, and overall reporting of technology security risks.
- Documents issues, solutions, and status of assigned work.
- Understands business drivers and processes to evaluate risk and recommend solutions with a balanced result.
- Promotes awareness of applicable security policies and standards.
- Assists with the maintenance of metrics and scorecards in support of the information security program.
Required Skills & Experience
- 5 to 8 years of experience in Information Technology and/or information technology/cyber security and/or cyber risk management
- 5 years of experience with 3 or more of the following areas: Security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.
- 1 to 3 years of practical cloud information security experience with a preference to have experience with major cloud service providers (e.g., Amazon Web Services (AWS), Microsoft Azure, Google Cloud, etc.).
- Must demonstrated experience in creating conceptual, logical, and physical security diagrams, with a thorough understanding of vulnerabilities and countermeasures.
- Maintains a strong familiarity with information security compliance programs and regulations.
- Detailed understanding of identity, access, and authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software-defined computing, containerization, routing and switching, big data, elastic compute, and risk analysis and risk management methodologies.
- Experience in information management, protection, and security control design and implementation.
- Familiarity with a broad range of cybersecurity frameworks and threat modeling concepts such as STRIDE, MITRE ATT&CK, and NIST publications (particularly 800-53 and 800-30).
- Ability to manage multiple priorities and work effectively in a fast-paced, high-volume, results-driven environment. This skill includes the ability to work both independently on complex tasks and effectively in a highly team-centric environment.
- Excellent written and verbal communication skills, including writing comprehensive technical reports and assessments.
- Practical experience in preparing and presenting highly effective presentations to business customers, technology teams, and senior leadership.
- Willingness to quickly learn new technologies/concepts and apply these new skills to assess the security posture of a system or application effectively.
- Previous experience in Microsoft 365, specifically Excel, Word, and PowerPoint.
- Must have cloud security knowledge with excellent communication skills.
- Required: two or more senior Information Security or cloud certifications(e.g., CISSP, CCSP, GIAC, Security+, AWS Certified Public Cloud Architect, MCSE cloud, VMWare VCP6 cloud, EMCCAcloud computing Architect).
- This position can be Burbank, Seattle, Remote (for well qualified candidates)
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.