Manager, Information Security and Compliance
The Walt Disney Company
- Lantau Island, Hong Kong
- Permanent
- Full-time
- Delivering cyber security assurance and best-practice oversight for the HKDL T&D portfolio of products, platforms and service ecosystems across complex multi-cloud, multi-partner environments
- Working closely with global partners, internal T&D teams, other LOBs and external vendors
- Providing information security advisory in accordance with corporate and segment standards, industry practices and external regulations
- Planning and ensuring that information security assessments are conducted on HKDL T&D applications according to corporate standards
- Fostering a sense of teamwork and collaboration while driving effective dialogue, a spirit of continuous improvement and team-oriented decision making
- Driving the team to manage security risk metrics and end-to-end remediation
- Facilitating internal and external audits, penetration tests and red team activities relating to HKDL T&D
- Participating in the information security incident response team to handle information security incidents, working closely with segment counterparts on investigations, and preparing incident reports
- Ensuring effective communication with other T&D sub-teams and with partners
- Acting as the focal point of contact for US partners on information security and compliance in T&D
- Sharing best practices and lessons learned with other sites, and working side by side with the global information security team
- Collaborating with teams to establish appropriate measures to reduce the risk of both accidental and malicious data disclosure
- Engaging with vendors to understand new solutions in the marketplace and proposing them to management where appropriate
- Providing value-added input and consultancy to business partners and internal teams on security architecture, and driving security by design
- Providing advice, recommendations and good practice in information security and compliance
- Defining and supporting the implementation of appropriate remediation plans to address identified gaps, in partnership with application teams and other stakeholders
- Supporting the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities, or those identified during the project development lifecycle)
- Maintaining the existing locally managed privileged access management (PAM) solution and developing a roadmap for additional capabilities
- Identifying, proposing and overseeing the implementation of cross-team information security programs
- Providing leadership on large-scale security and compliance projects created to remediate significant gaps identified, which may involve cross-functional teams
- Business savvy
- Able to position and drive security initiatives as a business enabler
- Able to act as a change champion and drive others toward a commitment to security
- Able to define, formulate and implement a security strategy and roadmap
- Able to design and define security frameworks and architecture
- Bachelor’s Degree or above in Computer Science, Technology, Engineering, Information/ Cyber Security, or relevant disciplines
- Minimum of 10 years of working experience in information/cyber security, IT audit/governance/compliance, technology risk management, or equivalent
- Holder of at least one industry-recognized certification in information security (CISSP, CISA, CISM or equivalent)
- Prior experience in leading a team, with a solid understanding of information security and compliance processes
- Knowledge of cyber security principles, information security risk management, and information/cyber security controls and reviews, to ensure adequate controls and adherence to the company's information security policies and standards
- Solid working experience in adopting security-related frameworks and standards, such as PCI DSS, Sarbanes-Oxley (SOX), PDPO, GDPR, MITRE ATT&CK, etc.
- Good knowledge of control-related best practices, e.g. NIST, ISO 27001, SSAE 21, COBIT, ITIL, etc.
- Knowledge of secure coding best practices, source code review, and internet threat vectors such as the OWASP Top 10
- Excellent written and verbal communication skills in English and Chinese, with the ability to communicate technical topics to management and non-technical audiences
- Strong collaboration and interpersonal skills
- Strong problem solving, decision making, and analytical skills
- Attention to detail, self-motivated and a good team player