
AVP, Information Security

The Walt Disney Company

Job Description

Posted on: November 18, 2024

Summary and company overview

Job Description Summary

The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.

Company Overview

NA

Responsibilities

  • Monitors essential processes to ensure compliance with policies, standards, practices, and guidelines. Assists with information security compliance.
  • Owns business relationships with executive and other leadership stakeholders to drive enhancements to security posture.
  • Manages and executes the information security risk assessment process, including reporting and oversight of treatment efforts.
  • Supports PCI-DSS compliance program and ensures successful audits.
  • Supports penetration testing, vulnerability assessments, social engineering testing, risk analysis, and remediation.
  • Manages Information Security risk management activities, vendor reviews, asset inventories, third-party risk, and remediation.
  • Supports the information security training program.
  • Develops and supports information and access management initiatives.
  • Builds a culture focused on security and risk environment improvement.
  • Supports evaluations of internal control maturity against best practices and frameworks like NIST-CSF.
  • Maintains and produces policies, procedures, and standards documents.
  • Provides reporting and measurements of program effectiveness.
  • Supports the management of security incidents to protect corporate assets.
  • Monitors threat environment for emerging threats and advises stakeholders.
  • Coordinates external resources involved in the information security program.
  • Conducts user access reviews and identity management monitoring.
  • Manages documentation, requests processing, training, and projects.
  • Participates in meetings with vendors and key stakeholders.
  • Maintains tracking metrics and reporting on information security risks.
  • Prepares and delivers metrics-based presentations.
  • Keeps abreast of industry trends and serves as a subject matter expert.
  • Supports strategic growth and operational evolution of the Department.
  • Ensures integrity within department operations.
  • Creates a workplace culture consistent with organizational values.
  • Supports information security initiatives and projects throughout the organization.
  • Supports other Risk Management department programs and initiatives.
  • Manages and supports creation of new processes for information security.
  • Engages in discovery techniques to identify information security risks.
  • Trains with other information security team members to promote a holistic program.

Job Requirements

Required Qualifications

  • Bachelor's Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience.
  • 5 to 10 years in Information Security/Cyber Security.
  • Information Security program management experience.
  • Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint.
  • Strong communication skills, ability to lead work efforts, and self-starter.
  • Strong propensity for action and ownership.
  • Experience in supporting an effective control environment.
  • Proficient in writing and creating program documentation.

Preferred Qualifications

  • Post-Graduate Degree.
  • Certified Information Systems Security Professional (CISSP).
  • Certified Information Security Manager (CISM).
  • Certified Information Systems Auditor (CISA).
  • Financial Services experience.
  • Leadership experience and executive presence.
  • Working knowledge of Enterprise Risk Management principles/frameworks.

Additional commentary

Hiring Range and Benefits

The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits
