Manager, Cloud Security Consulting

At Disney, we‘re storytellers. We make the impossible, possible. We do this through utilizing and developing cutting-edge technology and pushing the envelope to bring stories to life through our movies, products, interactive games, parks and resorts, and media networks. Now is your chance to join our talented team that delivers unparalleled creative content to audiences around the world.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We are here to protect the brand and reputation while enabling and supporting the business units. GIS teams are located in Seattle, Glendale, and Orlando.
The IT Security Architecture team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions. We are a highly versatile and technical team, gleaning from network engineering, application security, architecture, risk assessment and control alignment.
We are a lean team of security specialists that are here to:

• Evaluate solutions, architectures and processes to assess risk
• Identify solutions to remediate risk
• Support Third Party Assessments driven by Compliance
• Participate in and drive technology projects
• Work with BUs to ensure security services are integrated with their solutions

The Manager, Cloud Consulting - Security Architecture is responsible for evaluating a myriad of cloud deployment scenarios, services, and technology to ensure they are secure and compliant across the Walt Disney Company (TWDC). This role is highly versatile and gleaning from network engineering, application security, compliance, cloud and DevSecOps.
Responsibilities

• Engage with cross-functional teams in the design and implementation of cloud and cloud-security projects and initiatives
• Promote awareness of applicable security policies and standards and implement or coordinate remediation required by audits, as necessary
• Know and evaluate current policies to provide risk analysis, input to vulnerability testing and security reviews
• Execute activities related to cloud control compliance assessment design, execution, and service workflow (scoping, evidence collection, reporting, process metrics, process improvement, and QA)
• Manage a variety of assessments over applications in one or more Public, Private or Hybrid Cloud environment
• Establish metric based measurement of risk and produce dashboards regularly
  Develop and document technical solutions that meet specifications and that impact future developments
• Provide technical assistance in the selection, configuration, and maintenance of cloud security solutions
• Research, learn and evaluate new technologies to solve problems, close gaps or improve functionality and operations
• Understand business drivers and processes to evaluate risk and recommend solutions with a balanced result

Basic Qualifications

• 4+ years of information security or IT audit or IT compliance experience
• 3 years of practical cloud information security experience
• 2+ years of program and project management experience; Expert project/program management and prioritization skills - ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment
• Prior experience working within a global Information Technology organization, supporting enterprise level IT and legal departments
• 1-3 years of experience in technical security controls assessments
• Experience in information management and information technology security design and implementation
• Demonstrated experience in creating conceptual, logical and physical security diagrams
• Thorough understanding of vulnerabilities and countermeasures
• Experience planning and executing security control assessments involving complex systems
• Knowledge of information security and data related laws, regulations, and industry requirements (i.e.EU Safe Harbor Directive / Privacy Shield, Payment Card Industry, Domestic and International Privacy regulations)
• Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments
• Knowledge and experience with physical and virtual server configurations and implementations
• Experience working with cloud technologies (e.g., VPC, Console management, WAF, etc.) and security tools (i.e. web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring, etc.)
• Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
• Experience with risk and control automation processes and technologies
• Excellent written and verbal communication skills including reporting
• Practical use and understanding of advanced security protocols and standards
• Two or more senior Information Security and cloud certifications: CISA, CISSP, CCSP, CCSK, AWS Certified, GSEC or other relevant cyber security certification, PMP

Preferred Qualifications

• External audit (e.g., Big Four) and /or internal audit (e.g., Fortune 500)

Required Education

• BS degree in Computer Science, MIS, Computer Engineering, Risk Management or Information Assurance or 5+ years’ equivalent technology experience or related work experience with a different 4 year degree

Preferred Education

• Masters or other advanced degree preferred

Company Overview At Corporate, you’ll team with the best in the business to build one of the most innovative global businesses in any industry. Uniquely positioned at the center of an exciting, multi-faceted Company, the forward-thinkers at Disney Corporate constantly pursue new ideas and technologies to help the Company’s many businesses drive value, all the while gaining something valuable from the experience themselves. Come see the most interesting Company from the most interesting point of view. Additional Information

• This position is a legal entity of The Walt Disney Company, an equal opportunity employer.