Senior Security Analyst

JOB SUMMARY:

The Security Analyst is primarily responsible for executing various information security control assessment procedures to support numerous compliance programs. The role will coordinate with security/compliance point of contacts throughout the enterprise to confirm assessment scope, prepare/execute assessment procedures and prepare necessary reporting for internal or external stakeholders.

The role will specifically be supporting the Third-Party Risk Management function performing controls assessments over third party vendors providing services and products across different Disney business units. This includes helping to improve the overall effectiveness and efficiency of the assessment process.

In addition to supporting the Third-Party Risk Management function, this role will also help support other various compliance programs such as Sarbanes-Oxley, ISO27001, PCI DSS, etc.

KEY RESPONSBILITIES:

Support the Third-Party Risk Management Functio

nExecute third-party related due diligence assessments

.Coordinate assessment activities with internal business stakeholders and vendors

.Maintain KPIs on an ongoing basis

.Create and maintain necessary documentation related to the planning, execution, and reporting of assessments, correspondence, findings, and remediation plans in TWDC systems

.Contribute to the overall optimization of the third-party risk management functio

nSupport various other enterprise-wide information security compliance efforts, including, but not limited to

:Sarbanes-Oxley support in the form of internal control design and operating effectiveness testing

.Service Organization Controls (SOC) report reviews for key vendors

.ISO27001 / K-ISMS support in the form of risk assessment and consulting with control/process owners on remediation and ongoing monitoring

.PCI DSS support in the form of annual QSA audit management

.Perform ad-hoc customized control risk assessments to analyse information security and compliance risks. Work with various process/control owners to plan, execute, and report assessment results, including the documentation and monitoring of treatment and mitigation measures

.SKILLS & ATTRIBUTES FOR SUCCESS

:
Excellent stakeholder managem

entWorking knowledge of information security related frameworks including, but not limited to NIST, PCI DSS, ISO 2700x, SOC reporting (e.g., SSAE18, ISAE340

2).Working knowledge of cloud security and client-server architect

ureExperience in the management of risk, controls, and complia

nceKnowledge of risk assessment methodologies – qualitative/quantitat

iveExcellent analytical and problem-solving ski

llsExcellent presentation making and delivery ski

llsPREFERRED EDUCATION & EXPERIE

• NCE: Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experi
• ence.8-10 years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monit
• oringMinimum of 5 years in TPRM/Internal Audit/
• Risk.Preferred experience with a large company and/or Big 4 accounting
• firm.One or more credentials - CISA, CRISC, ISO27001 LA/LI, CISSP, C
• CSSP.Experience in AI/ML and Cloud Devops is a