AVP, Information Security
工作概要:
The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.
Essential Responsibilities
Monitors essential processes to ensure compliance with policies, standards, practices and guidelines. Assists with information security compliance with applicable laws and regulations, regulatory requirements and policies and procedures, including but not limited to NCUA-748, GLBA, FACTA, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act (I.e., general banking industry regulatory requirements).
Capitalizes upon technical knowledge and executive presence in owning business relationships with executive and other leadership stakeholders in order to drive enhancements to the organizations security posture in line with broader strategic objectives.
Manage and execute the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
Supports the IS program and other stakeholders in the management and oversight of Payment Cardholder Information Data Security Standards (PCI-DSS) compliance program, including identification of controls and validation and oversight of gap remediation. Supports successful audits of PCI program.
Support, in collaboration with IT department, the program for penetration testing, vulnerability assessments, social engineering testing, and other testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive member and company information; performs risk analysis and recommends remediation for deficiencies. Supports testing outputs and evolves reporting processes with the intent of improving the organizations view of information security risks.
Supports and/or manages Information Security risk management activities within the Risk Management division, including information security risk assessment, vendor reviews, life cycle management reviews, verification of asset inventories, third-party risk, and manages the remediation of identified gaps and issues.
Actively supports, in collaboration with IT and Training departments, the bank-wide/departmental information security training program. Maintains current knowledge of evolving information security risks, particularly cyber security, new and evolving trends with mitigation tools and changes to security regulations affecting financial institutions.
Develop and support information and access management initiatives (Data classification, segmentation, access schemes, enforcement of policy, etc.)
Builds and matures a culture focused on the proactive awareness and improvement of the security and risk environment. Supports information security and risk management awareness training programs for all employees, contractors and approved system users.
May support and/or perform the evaluation of internal control maturity against best practices and frameworks like NIST-CSF, PCI-DSS, ISO-27000 series, and other applicable information security frameworks.
Support the development, implementation, monitoring, and maintenance of information security policies, procedures, standards, and guidelines by reviewing for adequacy. This role will actively maintain and produce policies, procedures, and standards documents.
Provides reporting and measurements of program effectiveness and provides analysis to senior management. Will seek to evolve reporting and assessment practices and standards to effectively communicate information security posture and risk factors.
Support the management of and response to security incidents and events to protect corporate assets, including intellectual property, regulated data and reputation. May serve as an active participant and subject matter expert in regard to testing and live incidents.
Monitor the external and internal threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. This task may also involve opening tickets, writing summaries, and working with internal stakeholders to mitigate risks.
Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
Conducts user access reviews and other monitoring aspects of identity and access management.
Manage miscellaneous documentation, requests processing, training (new hire, employee awareness), and other projects as assigned.
Participates in regular team meetings, one-on-one meetings, as well as other department-level meetings with vendors and key stakeholders as needed.
Supports, produces, and maintains tracking metrics and reporting on information security risks, topics, and other related activity in conjunction with operational needs.
Prepares, communicates, and or delivers metrics-based information and presentations to both leadership and other areas of the organization as needed.
Maintains knowledge of industry trends, best practices, contemporary industry methodologies, and other related information. Serves as an SME to the organization at large.
Supports the strategic growth and operational evolution of the Department. May conduct formal/informal operational analysis, works with the broader security/risk team and leadership, and seeks continuous improvement in alignment with strategic plans.
Ensures and promotes the highest level of integrity within the scope of department operations, to include adherence to company policy, established laws, and regulatory guidelines.
Consciously creates a workplace culture that is consistent with the overall organizations and that emphasizes the identified mission, vision, guiding principles, and values of the organization.
Supports and drives information security initiatives and projects throughout the organization. Requires basic project management skills, the ability to prioritize tasks, and work closely with stakeholders.
Supports other Risk Management department programs and initiatives as needed. May serve on project teams, committees, and provide SME and advice to key stakeholders.
Manages and supports creation of new processes that help the organization facilitate information security related tasks sets, review processes, and operational efficiency.
Will be inquisitive, use effective interviewing skills and discovery techniques, in order to identify information security risks, determine mitigating efforts, and support business stakeholders in executing work efforts in a safe and secure manner.
Will train/cross-train with other information security team members to eliminate single points of operational failure and to promote a holistic information security program.
General Departmental and Administrative Duties (10% of time)
Supports the strategic agenda of Enterprise Risk management initiatives as well as the overall mission within the organization.
Assists with the implementation and administration of risk management programs.
Prepares reporting, dashboards, and scorecards as necessary to communicate key performance indicators related to Enterprise Risk.
Tracks corrective action related to Enterprise Risk and other matters as assigned.
Assists with completion of a variety of risk assessments, including managing and tracking requested information, distributing reports, and obtaining responses from management.
Assists with completion of a variety of third-party reviews, including audits, examinations, and independent testing including managing and tracking requested information, distributing reports, and obtaining responses from management.
Completes general administrative tasks such as time tracking and SAP entry, processing vendor invoices, general employee related tasks and functions, participation in company sponsored events and initiatives, etc.
Gives presentations regarding managed verticals or other relative information.
Education Level: Bachelor's Degree (required) AND Post-Graduate Degree (preferred)
Years of Relevant Work Experience: 5 to 10 years
Certifications, Licenses, Registrations
• Certified Information Systems Security Professional (CISSP) - Preferred
• Certified Information Security Manger (CISM) - Preferred
• Certified Information Systems Auditor (CISA) - Preferred
• Similar Credential is desired (CompTia, CEH, etc.) - Preferred
Other Training, Technical Skills, or Knowledge
• Financial Services – Strongly preferred
• Information Security/Cyber Security (5 – 10 years) - Required
• Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience - Required
• Information Security program management experience (Holistic view) - Required
• Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint - Required
• Leadership experience and executive presence - Preferred
• Must show evidence of strong communication skills, ability lead and drive work efforts, and self-starter - Required
• Strong propensity for action and ownership of role (Lead from your seat / Must demonstrate accomplishments) - Required
• Prior experience supporting an active and effective control environment (I.e., audit, risk assessments, program maturity frameworks, etc.) - Required
• Must be proficient at writing, maintaining, and creating program documentation, such as policies, procedures, and standards. (Role requires technical writing skills) - Required
• Working knowledge of Enterprise Risk Management principles/frameworks (I.e., COSO, 3-Lines, Layered Security, etc.) - Preferred
Abilities and Behaviors:
In depth knowledge of information security frameworks, standards and guidelines, including NIST, FFIEC, and NCUA regulations and guidelines.
Must be able to manage multiple priorities effectively
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Proven track record and experience in assessing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.
Must not be a “box checker,” but must thrive in taking an active role in ownership.
Critical thinking skills, sound judgement, and ability to build trust with stakeholders.
Must possess effective writing skills and the ability to deliver presentations.
Excellent organizational skills, business acumen, and report/business writing skills
Mature demeanor with the ability to effectively self-manage.
Must possess appropriate level of technical skills, executive presence, ability to assess the control environment, while driving towards tangible results.
Ability to focus on delivery and achievement of strategic priorities.
Performance Standards:
Meet SLA’s relating to production standards & deadlines
Ability to support Risk Management projects & initiatives
Meet and abide by PFCU & Disney leadership standards and overall standards & conduct requirements
Knowledge and understanding of relevant legal and regulatory requirements (NCUA 748, GLBA, Guidelines for Safeguarding Member Information, Payment Card Industry/Data Security Standard, etc.).
Support and abide by related regulations and guidelines
Discretion / Latitude:
Requires critical thinking skills, sound judgement. There is a broader responsibility to the Risk Management department and overall Enterprise Risk initiatives.
Business / Work Environment:
Hybrid role requiring ability to effectively work-from-home with regular/occasional in-person meetings and work related obligation within a typical office environment with use of standard office equipment and tools.
The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits
關於Partners Federal Credit Union:
超過 50 年,Partners Federal Credit Union 向我們超過 125,000 名會員履行了 Partners Difference ,提供最高水平的服務、價值、造訪以及便利。加上,您在最大銀行會發現的各種金融產品,包括儲蓄、支票、貸款、財富管理和最新的創新賬戶存取。並且始終以獨家的方式連接 The Walt Disney Company 確保銀行業的質量水平。Partners 確實是為演藝人員提供服務的員工,建立與其他金融機構無法匹配的真正聯繫與服務承諾。加入並探索 Partners,我們永久尊重會員資格 — 因為會員可以在每個階段有信心地依靠我們。因為我們與 The Walt Disney Company 的關係緊密,在 Partners 工作的每個人也是 Disney 演藝人員/員工。
關於 The Walt Disney Company:
Walt Disney Company 連同其子公司和聯營公司,是領先的多元化國際家庭娛樂和媒體企業,其業務主要涉及三個範疇:Disney Entertainment、ESPN 及 Disney Experiences。Disney 在 1920 年代的起步之初,只是一間卡通工作室,至今已成為娛樂界的翹楚,並昂然堅守傳承,繼續為家庭中每位成員創造世界一流的故事與體驗。Disney 的故事、人物與體驗傳遍世界每個角落,深入人心。我們在 40 多個國家/地區營運業務,僱員及演藝人員攜手協力,創造全球和當地人們都珍愛的娛樂體驗。
這個職位隸屬於 Walt Disney Parks and Resorts U.S., Inc.,其所屬的業務部門是 Partners Federal Credit Union。
Walt Disney Parks and Resorts U.S., Inc. 是提供平等就業機會的僱主。求職者都會獲得聘僱考量的機會,不分種族、宗教、膚色、生理性別、性傾向、社會性別、性別認同、性別表達、原國籍、血統、年齡、婚姻狀態、軍人或退伍軍人身份、醫療狀況、遺傳資訊或殘疾狀況、或者聯邦、州級或地方法律所禁止的其他任何基本特徵。Disney 提倡讓所有人的想法和決策都有助我們發展、創新、創造最好故事的商業環境,並與瞬息萬變的世界息息相關。
就業申請的殘疾便利安排
The Walt Disney Company 及其聯營公司是推動平等就業機會的僱主,歡迎所有求職者,包括殘疾人士及殘疾退伍軍人。如你是殘疾人士,並需要合理便利安排以搜尋職位空缺或申請職位,請將要求發送至Candidate.Accommodations@Disney.com。本電郵地址不擬用於一般僱傭查詢或通訊。我們只會回應與網上申請系統殘疾人士無障礙功能相關的要求。
遇到技術問題?查看常見問題以尋求協助。
招聘流程
-
您的故事從哪裡開始?
探索 Disney 職位空缺和 The Life at Disney 網誌,了解華特迪士尼公司有待發掘的所有精彩機會。
-
迪士尼的故事裏,有你更精彩成就迪士尼故事
有許多不同品牌和業務可供探索。當您找到適合您的機會後,請填寫您的申請,進行下一步。
-
下一章
申請後,您將收到一封電子郵件,讓您可存取應徵者控制面板。建立您的登入資料,並確保經常檢視您的控制面板,以查看申請進度。
探索此地點 佛羅里達州比尤納維斯塔湖
比尤納維斯塔湖是迪士尼之泉的零售、餐飲和娛樂綜合建築群、迪士尼颱風湖水上樂園、迪士尼布埃納文圖拉湖高爾夫球場的所在地,城市範圍內尚有數間度假村酒店。
相關工作
我們的文化
相關內容
-
-
-
-
福利 我們的福利
-
-
-
員工故事 Life at Disney 網誌
-
-
-
-
-
-
事業發展 求職者資源
-
多元、公平與包容 文化與價值觀 員工故事 工作與創新 學生及應屆畢業生 Life at Disney: Hong Kong Disneyland Resort
-
-
工作機會 員工故事 學生及應屆畢業生 A Dream to Perform Comes True for a Disney Intern at Hong Kong Disneyland
-
-
工作機會 員工故事 學生及應屆畢業生 A Dream to Perform Comes True for a Disney Intern at Hong Kong Disneyland
-
-
員工故事 學生及應屆畢業生 From Disney Internships to Beyond: Meet Three Hong Kong Disneyland Resort Cast Members Making an Impact
-
員工故事 學生及應屆畢業生 Disney Internships Lead to Magical Friendships and Careers at Hong Kong Disneyland Resort
-
-
-
-
-
-
-
-
-
-
-
-
登記收取職缺通知
即時收到最新的工作機會的資訊。
分享
連結會在新分頁中開啟。