Staff Security Specialist, Information Security

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

This role will provide security expertise to ensure new projects, existing systems and third-party service providers have required security, privacy and compliance controls in place. The Staff Security Specialist will review system architecture, data flow and operational processes when evaluating systems. The Staff Security Specialist will also conceptualize and develop solutions to improve security posture and lead projects from conception to design to implementation. Without this additional support security work will not be completed timely resulting in project delays or new systems potentially going live with security vulnerabilities.

What You'll Do:     

• Lead the review reports, assessments, and findings to identify remediation and/or corrective action needed.
• Drive coordination with IT and business partners to facilitate necessary remediation and corrective action.
• Verify remediation and corrective action activity achieves compliance against security standards such as CIS Benchmarks, NIST, and TWDC policies and standards.
• Document open items in status reports, including next steps, dependencies, and stakeholders.
• Lead communication of results to stakeholders, including technical and non-technical audiences.
• Provide recommendations to improve security posture.
• Lead in improving security baselines and standards.
• Stay updated on evolving security guidelines and incorporate them into IT and business practices.
• Stay informed on emerging threats and vulnerabilities.
• Proactively recommend adjustments to mitigate risks.
• Work closely with business partners, key stakeholders, and internal departments to evaluate current and future security and compliance strategies.
• Stay informed about information security trends, directions, and technologies in the technology industry.
• Monitor industry trends and identify best practices and/or methodologies to implement in-house.

Required Qualifications & Skills:

• Minimum of 7 years' experience of related experience leading and facilitating corrective action
• Highly skilled in coordinating remediation activities across a wide range of technologies.  
• 7+ years experience in identifying risk and execution of mitigation plans.  
• Demonstrated experience in a security program for a large and complex organization. 
• Knowledge of security frameworks and standards.
• Strong analytical thinking and attention to detail.  
• Demonstrated problem solving skills with an ability to develop creative alternatives to complex problems, as well as continuous process improvement skills. 
• Demonstrated ability to handle sensitive information. 
• Ability to establish credibility and working relationships with a wide range of personnel, including operations, management, executive, and legal staff.  
• Demonstrated professional written, verbal, and presentation communications skills. 
• Solid understanding of project management principles, including a demonstrated ability to multi-task effectively. 
• Proven ability to work effectively in a fast-paced environment as part of a high performance team. 

Required Education:

• Bachelor's degree or equivalent experience in Cyber Security, Computer Science, Management Information Systems, or related field. 

Preferred Education:

• One or more general security certifications including PCNSE, Security+, CySA+, CCNA Cyber Ops, AWS, GSEC, GICSP, CISSP, or other relevant certifications
• One or more vulnerability assessment or auditing certification including CISSA, CISM, GCCC, GSNA or other relevant certifications