Job Title - Senior Security Specialist, Compliance
Location: 820 S Flower Street, Burbank, CA OR 1211 Avenue of the Americas, New York, NY. No preference; can sit in either location. Onsite 4 days a week.
Salary - $140K
Interview Process: 1-2 Rounds
Job Type - FTE
Description/Comment:
Compliance Assessments
• For all IT security control domains, assess and measure compliance with both external requirements (e.g., contractual requirements with business partners; the SWIFT Customer Security Program) and internal policies and standards.
• Manage scoping, planning, scheduling, and execution of assessments.
• Conduct interviews to clarify processes and architectures. Be able to distinguish between control processes and operational processes, and swiftly grasp the underlying technology stack and end-to-end service delivery flows.
• Obtain artifacts to support the assessment of security controls and procedures, using a robust “trust but verify” approach.
• Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms.
• Document assessment results and cogent control process narratives in workpapers.
Compliance Advisory
• Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats.
• Articulate the elements of effective and sustainable control design to IT and business partners.
• Design and implement continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data that reflects the current state of the control environment for TWDC.
• For targeted controls and systems, facilitate the collection of control attestations and questionnaires.
• Manage inventories and tracking of remediation efforts and compensating controls.
• Stay abreast of compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies.
Basic Qualifications
• 4+ years of IT audit, or IT security and/or compliance experience
• Prior experience working within a global Media or entertainment organization, supporting enterprise level Accounting and finance departments
• CISA, CISM
• Knowledge of laws, regulations, and industry requirements related to Information Security (i.e. GDPR, Payment Card Industry, Domestic and International Privacy regulations).
• Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services.
• Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.).
• Knowledge of US Financial regulations and reporting requirements SOX, SSAE, IAS.
• Project/program management and prioritization skills.
Required Skills:
• 4+ years of IT audit, or IT security and/or compliance experience
• Prior experience working within a global Media or entertainment organization, supporting enterprise level Accounting and finance departments
• ISO2001 Implementation and/or auditing
• IT Audit Security Background
Ideal Skills:
• Certification - Certified Information Systems Auditor (CISA) OR Certified Information Security Manager (CISM)