Senior Security Analyst

JOB SUMMARY:

The Senior Security Analyst is primarily responsible for executing various information security control assessment procedures to support numerous compliance programs. The role will coordinate with security/compliance point of contacts throughout the enterprise to confirm assessment scope, prepare/execute assessment procedures and prepare necessary reporting for internal or external stakeholders.

The role will specifically be supporting the Third-Party Risk Management function performing controls assessments over third party vendors providing services and products across different Disney business units. This includes helping to improve the overall effectiveness and efficiency of the assessment process.

In addition to supporting the Third-Party Risk Management function, this role will also help support other various compliance programs such as Sarbanes-Oxley, ISO27001, PCI DSS, etc.

KEY RESPONSBILITIES:

Support the Third-Party Risk Management Function

Execute third-party related due diligence assessments.

Coordinate assessment activities with internal business stakeholders and vendors.

Maintain KPIs on an ongoing basis.

Create and maintain necessary documentation related to the planning, execution, and reporting of assessments, correspondence, findings, and remediation plans in TWDC systems.

Contribute to the overall optimization of the third-party risk management function

Support various other enterprise-wide information security compliance efforts, including, but not limited to:

Sarbanes-Oxley support in the form of internal control design and operating effectiveness testing.

Service Organization Controls (SOC) report reviews for key vendors.

ISO27001 / K-ISMS support in the form of risk assessment and consulting with control/process owners on remediation and ongoing monitoring.

PCI DSS support in the form of annual QSA audit management.

Perform ad-hoc customized control risk assessments to analyse information security and compliance risks. Work with various process/control owners to plan, execute, and report assessment results, including the documentation and monitoring of treatment and mitigation measures.

SKILLS & ATTRIBUTES FOR SUCCESS:

Excellent stakeholder management

Working knowledge of information security related frameworks including, but not limited to NIST, PCI DSS, ISO 2700x, SOC reporting (e.g., SSAE18, ISAE3402).

Working knowledge of cloud security and client-server architecture

Experience in the management of risk, controls, and compliance

Knowledge of risk assessment methodologies – qualitative/quantitative

Excellent analytical and problem-solving skills

Excellent presentation making and delivery skills

PREFERRED EDUCATION & EXPERIENCE:

• Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experience.
• 3-5 years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monitoring
• Minimum of 2 years in TPRM/Internal Audit/Risk.
• Preferred experience with a large company and/or Big 4 accounting firm.
• One or more credentials - CISA, CRISC, ISO27001 LA/LI, CISSP, CCSSP.
• Experience in AI/ML and Cloud Devops is a plus.