M+E Technology Job Board

Senior Manager, Content & Information Security (Site Security)

  • Full Time
  • Glendale, CA
  • Applications have closed

Walt Disney Studios

Job Summary:
The Sr. Manager, Content & Information Security (Site Security) reports into the Director of Content & Information Security at The Walt Disney Studios based in Glendale, CA and is responsible for the management of all security assessment programs (application, cloud, facilities) in support of Studio Content & Information Security services.


Develop strategy and manage key programs including, but are not limited to: (1) Application & Cloud Security (2) Regulatory Compliance Requirements (e.g., PCI, SOX, GDPR, etc…) (3) Business Operations related to Business Continuity Planning and Disaster Recovery (4) Onsite Security (5) Third-party Security
Actively manage the application, cloud and facility security pipeline and provide updates to senior management
Serve as a Subject Matter Expert providing technical guidance around security best practices encompassing both application and cloud environments, and facilities
Provide technical solutions to internal and external business units with an emphasis around secure network architecture and hardening best practices
Drives the continued improvement of existing program-based documentation (e.g. standards, process, and communications)
Development and management of security controls and associated risks
Socialize programs internally, including the development of executive-level presentations, and externally with key partners
Lead security programs with an emphasis on digital security, physical security, reliability, information assurance, and related processes
Formally define baseline Studio security requirements by leading development of Application, Cloud and Facility Security frameworks
Manage all aspects of the evaluation lifecycle, including planning, fieldwork, reporting and archiving
Evaluate and test business processes / controls and identify areas of risk, and develop mitigation plans
Oversee day-to-day­­ teams’ operation and performance
Monitor team performance and report on metrics to the Vice President
Delegate tasks and set project deadlines
Apply current knowledge of IT trends and systems processes to identify security and risk management issues and opportunities for improvement
Provide high quality, comprehensive and accurate reports to assess, document, and communicate results of security evaluations
Work with internal assurance teams and business unit stakeholders to assess vendor evaluation strategy, cloud strategy, define objectives, and address technology-related controls risks and issues
Act as Application / Cloud Information Security subject matter expert to vendors and in-house personnel
Develop and deliver training materials and perform general security awareness and specific security technology training
Evaluate and recommend new and emerging security products and technologies
Willingness to travel up to 25% domestically and internationally

Basic Qualifications:

10+ years managing risk management functions for large-multinational corporations
7+ years of experience in information security and/or the following areas: security architecture, security engineering, system and network security, authentication and protocols, cryptography, and application security
5+ years of experience with cloud technologies
Advanced knowledge of cloud security and infrastructure environments for top tier cloud providers (AWS, Azure, GCP)
Experience with service-oriented architecture and web services security
Broad technology expertise with application, system integration, data, and infrastructure knowledge
Prior experience working with and managing global teams
Prior experience in an architecture, development, engineering, or senior technical role
Prior experience in the entertainment industry preferred
Ability to work in a highly distributed matrixed environment
Ability to adapt to new technologies and trends
Prior audit experience is a plus
CISSP, CISA/CISM, or CEH designation required
Broad technical skills in conducting security assessment against established security frameworks (e.g., ISO 17799/27002, PCI, MPAA)
Broad technology expertise with application, system integration, data, and/or infrastructure knowledge
Strong understanding of secure network principles of perimeter devices, servers, and workstations
Working knowledge of configuring and maintaining firewalls and network switching / routing devices (e.g., Palo Alto, Sonicwall, Fortinet, Brocade, Cisco, HP)
Network architecture and layer 2 and Layer 3 routing principles
Vulnerability scanning, SIEM and common methods of exploiting vulnerabilities
Endpoint protection and Data Loss Prevention solutions
Secure configuration of Linux, Windows, and Mac based servers and endpoints
LAN, WAN, TCP/IP connectivity and security protocols (Point-to-Point, MPLS, VPN)
Wireless authentication standards (802.1x)
Directory Services (e.g., Active Directory, Open Directory, LDAP)
Storage solutions (e.g., SAN, NAS, encrypted storage mechanisms)
Digital transfer tools (e.g., Aspera, Signiant)
OS hardening best practices for both servers and workstations
Computer investigation processes and techniques
Experience in the following would be beneficial:
Knowledge of studio IT systems, including production and post-productions environments
Thorough knowledge of feature film production and post-production industries, services, and workflows (e.g., DI, editing, visual/audio effects, encoding, on-set support)
Certifications in one or more of the following required – AWS, CCNP, CISSP, CISM, CISA, CEH, ITIL, VCP, VCAP
Experience evaluating physical and digital security protocols at facilities
Must have strong communication (written and verbal, including presentation) and listening skills
Experience in technical project management/leading large scale technology initiatives
Strong analytical, organizational and decision-making skills
Strong negotiation skills

Required Education

Bachelor’s degree in Computer Science, Information Systems, IT Engineering, or a related field