Experienced Full Stack Cybersecurity Risk Management Specialist – Web & Cloud Application Development, Governance, Threat, and Compliance
About Us
Welcome to the enchanting world of Disney, where magic meets innovation. As a leader in the entertainment industry, we're constantly pushing the boundaries of what's possible. Our team is passionate about creating unforgettable experiences for our guests, and we're looking for talented individuals to join us on this journey.
Job Description
We're seeking an experienced Full Stack Cybersecurity Risk Management Specialist to join our team. As a key member of our Cybersecurity Crew, you'll play a vital role in guiding GRC-related activities and ensuring the smooth execution of various tasks. Your expertise will help us navigate the ever-evolving landscape of cybersecurity threats and regulations.
Key Responsibilities
As a Full Stack Cybersecurity Risk Management Specialist, you'll be responsible for:
 - Assisting the Walt Disney Agency's 3rd Party/Internal Risk Management (TPRM) software in managing internal safety compliance requirements and implementing regulations, tactics, and frameworks at Disney Star.
 - Validating incoming 3rd Party/Internal Risk Assessment requests, working with business stakeholders to confirm the details of the request and the scope of the engagement.
 - Coordinating the distribution of due diligence questionnaires to internal stakeholders/3rd Party, reviewing submitted questionnaires for completeness, and identifying risks arising from the current design and operational effectiveness of the internal/3rd Party's security controls.
 - Filing responses, associated findings, and remediation plans in the TWDC systems.
 - Drafting/reviewing reports for the checks performed and ensuring respective business stakeholders finalize reviews.
 - Being a strong liaison to ensure any queries are responded to concerning the Risk Control Technique and Evaluation to the business or 3rd Parties as required.
 - Continuously tracking 3rd Parties via TWDC systems for current/new findings and escalating any findings to closure.
 - Identifying opportunities for improvement within the TWDC systems and strategies.
 - Working intensely with Chance Lead/Supervisor to timetable and execute a range of different supporting activities related to the Risk Management Program.
 
Governance, Threat, and Compliance
As a Full Stack Cybersecurity Risk Management Specialist, you'll also be responsible for:
 - Leading and assisting the improvement of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the Agency's Threat Appetite.
 - Maintaining and documenting compliance towards information security-related guidelines and processes through planning, checking, remediating, tracking, and reporting on control reviews and risk assessments.
 - Leading the development and delivery of compliance and risk education and ongoing communications that assist in the promotion of a culture of protection and compliance.
 - Remaining up-to-date with regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas.
 - Leading the team to preserve and guide ISO 27001 certification.
 
Competencies & Attributes for Success
To be successful in this role, you'll need:
 - Understanding and competencies in risk management, cybersecurity, and compliance.
 - Outstanding stakeholder management.
 - A working understanding of information security-related best practices and requirements, including ISO 27001, SOC 2 requirements, SSAE 16/18 requirements, and others.
 - Experience in the control of risk, controls, and compliance.
 - Expertise in risk evaluation methodologies – qualitative/quantitative.
 - Super analytical and problem-solving abilities.
 - Super presentation making and delivery abilities.
 
Personal Attributes
As a Full Stack Cybersecurity Risk Management Specialist, you'll need to possess:
 - Robust interpersonal skills.
 - Ability to navigate rapid-paced environments and be flexible with working hours.
 - Fantastic communication skills, both verbal and written.
 - Ability to adapt quickly to changing conditions and promote quality change.
 
Preferred Qualifications & Experience
We're looking for candidates with:
 - Applicable Bachelor's/Master's degree from an accredited university or equivalent experience.
 - 4 years of experience in 3rd Party Risk Control, Records Security, and Audit & Compliance Tracking (minimum of 2-3 years in TPRM/Internal Audit).
 - Preferred experience with a large company and/or Big Four accounting company.
 - One or more certifications – CISA, CRISC, ISO27001 Lead Auditor, CISSP.
 - Experience in AI/ML is a plus.