Principal Security Specialist
Company: Disneyland Hong Kong
Location: Orlando
Posted on: May 23, 2025
Job Description:
At Disney, we're storytellers. We make the impossible, possible.
The Walt Disney Company (TWDC) is a world-class entertainment and
technological leader. Walt's passion was to continuously envision
new ways to move audiences around the world - a passion that remains
our touchstone in an enterprise that stretches from theme parks,
resorts and a cruise line to sports, news, movies and a variety of
other businesses. Uniting each endeavor is a commitment to creating
and delivering unforgettable experiences - and we're constantly
looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions
that align to business strategies while enabling enterprise
efficiency and promoting cross-company collaborative innovation.
Our group drives competitive advantage by enhancing our consumer
experiences, enabling business growth, and advancing operational
excellence.

The Global Information Security (GIS) organization
strives to secure the magic by employing best-in-class services to
assess, prevent, detect, and respond to cyber threats that present
risk to The Walt Disney Company. We enable the business by
integrating enterprise and business segment-specific supported
services to create a robust, efficient, and adaptable cybersecurity
program. Our key objectives are to:
- Secure the Magic by protecting information systems and
platforms.
- Reduce Risk by proactively assessing, preventing, and detecting
to prevent harm to the Company and our Guests.
- Strengthen the business through optimizing execution,
application, and technology used to protect the Company.
- Innovate by investing in core capabilities to enhance
operational efficiency.
Team Description:
The Disney Entertainment
(DE) Cyber Risk department consists of a global team of cast
members, contingent workers, and contractors whose primary
objective is to "Secure the Magic". This objective is met by acting
as a trusted partner with global technology teams and business
partners to analyze, mitigate, and report upon security risks
within their environments. We provide security advice and support
to ensure security requirements are met and aligned with Disney
Information Security Policies and Standards.

Our span of control
includes assessing the risk and control design associated with
third-parties, internal applications, new product deployments, and
infrastructure changes to ensure systems are within risk tolerance.
The department also maintains strong partnerships with other
technical security teams such as security architecture, product
security, and content protection within DE and the larger GIS
department.
Responsibilities of Role:
- Define, develop, implement, and execute key programs within the
DE segment InfoSec team that include:
  - Control design, assessment, testing, and implementation of
    products and infrastructure
  - Vendor risk management
  - Application risk assessment
  - Risk Acceptance
  - Risk Reporting
- Expertise in understanding system / network design based on
review of network and data flow diagrams, technical specification,
and product design documents.
- Strong ability to scope product security reviews based on
analysis of proposed system and network design, and to consult with
system and data owners to understand business and technical
risk.
- Scoping will require identification and validation of control
design in accordance with company policies, standards, and industry
best practices.
- Collaborate with technical security teams to analyze and test
pre-implementation controls or mitigating controls to remediate
security gaps to provide security endorsement prior to product
launch.
- Collaborate with key corporate stakeholders (e.g., Legal,
privacy, sourcing) to ensure security services and procedures are
understood and included in applicable programs and
processes.
- Identify and drive implementation of automation opportunities used
to increase output and improve visibility into operational risk.
Manage implemented automations to ensure modifications and break
fixes are performed as they are required / identified.
- Build a strong understanding of the business environment, to
identify, mitigate, and remediate risk.
- Drive continuous process maturity and improvement, and assist in
documenting risk management processes.
- Be a trusted advisor to our business partners and build strong
relations.
- Monitor and report upon key TWDC technology security risks,
including documenting environment risk and providing regular risk
and operational reporting on ongoing initiatives.
- Independently prioritize high risk queries and tasks ensuring
they go through required risk assessments and / or security
services.
- Manage, prioritize, and proactively report on the status of
assigned projects and/or deliverables to impacted
stakeholders.
- Remain current with changes in policy, regulations, and
technology to understand, communicate, and manage their associated
risks to the Company.
- Support the initiatives and deliverables of the GIS
department.
- Through example and behavior, strive to provide peer leadership
to other team members with the goal of providing service
excellence.
Must Haves:
- Minimum of 10 years of experience in Information
Technology.
- Minimum of 5 years of experience in Risk Management,
Information Security or Audit & Compliance.
- Experience interpreting and assessing risk based on information
from numerous sources to form a practical and operationally realistic
solution.
- Working knowledge of information security related best
practices and standards such as ISO 2700x, SOC 2, NIST, PCI
requirements etc.
- Working knowledge of cloud infrastructure engineering /
architecture principles.
- Knowledge of conducting risk assessments using industry
recognized risk management methodologies.
Nice To Haves:
- Master's in Computer Science, Information Security, or relevant
technology field.
- Working towards one or more credentials - CISA, CISM, CRISC,
ISO27001, CCSP, CISSP, Security+
- Understanding of security and vulnerability detection tools
(e.g., Tenable, Qualys, CrowdStrike, Prisma).
- Experience with a large company and/or Big 4 accounting
firm.
- Experience working with regulatory security frameworks such as
ISO.
Education:
- BA/BS in Computer Science, Information Security, or relevant
technology field, and/or equivalent work experience.
The hiring range for this position in Connecticut and California is
$152,200 to $204,100 per year and in Washington and New York is
$159,500 to $213,900 per year. The base pay actually offered will
take into account internal equity and also may vary depending on
the candidate's geographic region, job-related knowledge, skills,
and experience among other factors. A bonus and/or long-term
incentive units may be provided as part of the compensation
package, in addition to the full range of medical, financial,
and/or other benefits, dependent on the level and position
offered.
Disability Accommodation for Employment Applications
The
Walt Disney Company and its Affiliated Companies are Equal
Employment Opportunity employers and welcome all job seekers
including individuals with disabilities and veterans with
disabilities. If you have a disability and believe you need a
reasonable accommodation in order to search for a job opening or
apply for a position, visit the Disney candidate disability
accommodations FAQs. We will only respond to those requests that
are related to the accessibility of the online application system
due to a disability.