Job Title - Senior Security Specialist, Compliance (14259538)

Location: 820 S Flower Street, Burbank, CA

OR 1211 Avenue of the Americas, New York, NY

No preference but can sit in either location - Onsite 4 days a week

Interview Process: 1-2 Rounds

Job Type - FTE

Description/Comment:

Compliance Assessments

For all IT security control domains, assess and measure compliance with both external requirements (e.g., contractual requirements with business partners; the SWIFT Customer Security Program) and internal policies and standards.

Manage scoping, planning, scheduling, and execution of assessments.

Conduct interviews to clarify processes and architectures. Be able to distinguish between control processes and operational processes, and swiftly grasp the underlying technology stack and end-to-end service delivery flows.

Obtain artifacts to support the assessment of security controls and procedures, using a robust "trust but verify" approach.

Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms.

Document assessment results and cogent control process narratives in workpapers.

Compliance Advisory

Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats.

Articulate the elements of effective and sustainable control design to IT and business partners.

Design and implement continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data that reflects the current state of the control environment for TWDC.

For targeted controls and systems, facilitate the collection of control attestations and questionnaires.

Manage inventories and tracking of remediation efforts and compensating controls.

Stay abreast of compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies.

Basic Qualifications

4 years of IT audit, or IT security and/or compliance experience

Prior experience working within a global Media or entertainment organization, supporting enterprise level Accounting and finance departments

CISA, CISM

Knowledge of laws, regulations, and industry requirements related to Information Security (i.e. GDPR, Payment Card Industry, Domestic and International Privacy regulations) .

Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services.

Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.).

Knowledge of US Financial regulations and reporting requirements SOX, SSAE, IAS.

Project/program management and prioritization skills.

Required Skills:

4 years of IT audit, or IT security and/or compliance experience

Prior experience working within a global Media or entertainment organization, supporting enterprise level Accounting and finance departments

ISO2001 Implementation and/or auditing

IT Audit Security Background

Ideal Skills:

Certification - Certified Information Systems Auditor (CISA) OR Certified Information Security Manager (CISM)