Manager, Information Security and Compliance

The Walt Disney Company

Lantau Island, Hong Kong
Permanent
Full-time

1 month ago

Job Posting Title: Manager, Information Security and ComplianceReq ID: 10079817Job Description:HKDL Information Security and Compliance Team is part of the line of business (LOB) Technology, Digital and Data (T&D). The team provides services to protect the value and use of Disney’s information through collaboration, standardization and enforcement across HKDL T&D.This role will be leading and driving the information security and compliance team in

delivering cyber security assurance and best practices oversight for HKDL T&D portfolio of products, platforms and services ecosystems, across complex multi-cloud, multi-partner environments.
working closely with global partners, internal T&D teams, other LOBs and external vendors
providing information security related advisory in accordance with corporate and segment standards, industry practices and external regulations.

Key ResponsibilitiesLeadershipSupervise and lead the information security and compliance team with a diverse of specialists and external vendors in

Planning and ensuring information security assessments are conducted on HKDL T&D applications according to corporate standards
fostering a sense of teamwork and collaboration while driving effective dialogue, spirit of continuous improvement, and team-oriented decision making
driving team to manage security risk metrics and end to end remediation
facilitating the internal or external audits, penetration testing, and red team activities relating to HKDL T&D
participating in information security incident response team to handle information security incidents, work closely with segment counterpart in conducting investigations, and prepare incident reports

PartnershipEngage with different internal and external stakeholders to craft successful strategies, with lots of partnership opportunities from local, global and external

Ensure effective communication with other T&D sub-teams and with other partners
Act as the focal contact point with US partners about information security and compliance in T&D
Best practices sharing and learnings with other sites, and working side-by-side with the global information security team
Collaborate with teams to establish appropriate measures to reduce the risk of both accidental and malicious data disclosure
Interactions with vendors to understand the new solutions in the marketplace and propose to management if needed

Result DrivenAct as the security architect and participate in architecture reviews to provide advisory and recommendation on information security related matters

Provide value added input/ consultancy to the business partners and internal teams in security architecture and driving security by design
Provide advice, recommendation and good practice in information security and compliance
In partnership with application teams and other stakeholders, define and support the implementation of appropriate remediation plans to address identified gaps
Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)

Project managementLead and drive cross-team information security programs

Maintain existing local managed privileged access management solution and develop a roadmap for additional capabilities
Identify, propose and oversee the implementation of cross-team information security related program
Providing leadership around any large-scale security & compliance projects created to execute remediation for any significant gaps identified, which may include the involvement of cross-functional teams

Business Savvy

Capable to position and drive security initiatives as a business enabler
Be the change champion and drive the others toward commitment to security
Able to define, formulate and implement security strategy and potential roadmap
Design and define security framework and architecture

Job Requirements

Bachelor’s Degree or above in Computer Science, Technology, Engineering, Information/ Cyber Security, or relevant disciplines
Minimum of 10 years working experience in information/ cyber security, IT audit/ governance/ compliance, technology risk management, or equivalent
Holder of at least one industry recognized certification in information security (CISSP, CISA, CISM, or equivalent.)
Prior experience in leading a team with solid understanding in information security and compliance related processes
Possess knowledge of cyber security principles, information security risk managements, information/ cybersecurity controls and reviews to ensure adequate controls and adherence to company’s information security policies and standards
Solid working experience in adopting security related framework/standards, such as PCI-DSS, Sarbanes Oxley (SOX), PDPO, GDPR, MITRE ATT&CK, etc.
Good knowledge in control related best practices e.g. NIST, ISO 27001, SSAE21, COBIT, ITIL, etc.
Knowledge of secure coding best practices, source code review, and internet threat vectors such as the OWASP top 10
Excellent written and verbal communication skills in English and Chinese, with the ability to communicate technical topics to management and non-technical audiences
Strong collaboration and interpersonal skills
Strong problem solving, decision making, and analytical skills
Attention to details, self-motivated and a good team player

HKProfessional #LI-AI1Job Posting Segment: Technology & DigitalJob Posting Primary Business: Technology & Digital (HKDL)Primary Job Posting Category: Security OperationsEmployment Type: Full timePrimary City, State, Region, Postal Code: Lantau Island, Hong KongAlternate City, State, Region, Postal Code:Date Posted: 2024-03-22

The Walt Disney Company

Apply Now