Studio Cybersecurity Risk Analyst

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

We are defenders of the magic, waging an epic battle to ­­­­­­safeguard our franchises, protect our people, and ensure the world’s most admired entertainment company is not disrupted by cybersecurity threats.  We are partners in protecting Disney’s highly respected portfolio including Marvel Studios, Pixar Animation Studios, Lucasfilm, Disney Live Action Films, Walt Disney Animation Studios, Searchlight Pictures, and 20th Century Studios.

The Studios Cybersecurity team are seeking a Cybersecurity Risk Analyst, who will be an exceptional addition to our team. As a Cybersecurity Risk Analyst, you will be responsible for validating, assessing, and mitigating potential security threats by partnering with our technology partners to develop and implement configuration and controls, ensuring the protection of sensitive data, systems, and infrastructure. This is a technical role with a focus on analyzing Cyber Risk and assessments over the technologies we support. This role will work closely with the Studios Cybersecurity team, Content Security, and application developers, engineering partners on key initiatives to meet Risk and Compliance requirements over TWDC Information Security Policies, Content Protection standards, Security Configuration Standards, and applicable regulatory requirements. This role will be partnering with the Cybersecurity service owners, Engineering, Application Developers, infrastructure teams, TWDC Global Information Security, and various Studio partners through control assessments, solutions architect, remediation requirements, risk management, and interfacing with the key stakeholders to mature our overall security posture.

Responsibilities of Role:

• Analyze assessment outcomes to identify potential security threats and vulnerabilities across all organizational systems and operations.
• Partner with stakeholders to remediate processes to address issues identified via application assessments, audit assessments, key financial application reviews, access control reviews, internal or external audits and/or other assessments.
• Assess the security posture of third-party vendors and manage security risks associated with outsourced services.
• Consult and apply relevant security regulations, TWDC information security policies, security configuration standards, and compliance standards.
• Track performance reporting related to risk and internal controls effectiveness to management.
• Work with engineering and development teams to prioritize remediations to reduce or mitigate security risks timely.
• Assist in the secure design and analysis of on-premises and cloud-based infrastructure and applications.
• Facilitate SDLC best practices through ensuring onboarding for SAST and SCA testing for high impact applications.
• Provide support for continuous improvement initiatives to mitigate/manage risks.
• Partner with functional business areas to analyze and determine the effect to internal control systems for new information technology implementations and proposed process improvement changes.
• Be a key partner and contributor to the implementation of enterprise technology and tools, such as a GRC, to support the effective and efficient execution of risk management processes, including automation of processes, where possible.

Must Haves (Years of Experience, languages, programs, tools, etc.):

• 3 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance
• Deep understanding of cybersecurity principles and best practices
• Expertise in risk assessment methodologies and frameworks (e.g., NIST RMF)
• Knowledge of security best practices over public cloud such as AWS, Azure and GCP.
• Proven ability to analyze and assess complicated application architectures and workflows to identify risk.
• Familiarity with identity and access management integrations such as Active Directory, Okta, Auth0, SAML, OIDC).
• Knowledge of RESTful web services (client–server application).
• Familiarity with CI/CD principals, tools and services.
• Experience with one or more programming or scripting languages – i.e PowerShell, Python, C#, VB, VBA, Ruby, NodeJS, SQL, etc
• Strong analytical and problem-solving skills
• Excellent communication and presentation skills to convey complex security concepts to non-technical audiences
• Experience with security tools and technologies (e.g., firewalls, intrusion detection/prevention systems, SIEM)
• History of on-time, on-budget delivery of strategic deliverables
• Highly organized and efficient. Proven ability to manage multiple projects at a given time.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
• Relevant security certifications (e.g., CISSP, CISA, CISM)

#DISNEYTECH

#LI-AF2