メインコンテンツにスキップ
BE YOU. BE HERE. BE PART OF THE STORY.

AVP, Information Security

ジョブID 10105768 勤務地を選択 Lake Buena Vista, フロリダ州, アメリカ合衆国 企業名 Partners Federal Credit Union 掲載日 Nov. 14, 2024
今すぐ応募

仕事内容:

The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.

Essential Responsibilities

  • Monitors essential processes to ensure compliance with policies, standards, practices and guidelines. Assists with information security compliance with applicable laws and regulations, regulatory requirements and policies and procedures, including but not limited to NCUA-748, GLBA, FACTA, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act (I.e., general banking industry regulatory requirements).

  • Capitalizes upon technical knowledge and executive presence in owning business relationships with executive and other leadership stakeholders in order to drive enhancements to the organizations security posture in line with broader strategic objectives. 

  • Manage and execute the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.

  • Supports the IS program and other stakeholders in the management and oversight of Payment Cardholder Information Data Security Standards (PCI-DSS) compliance program, including identification of controls and validation and oversight of gap remediation. Supports successful audits of PCI program.

  • Support, in collaboration with IT department, the program for penetration testing, vulnerability assessments, social engineering testing, and other testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive member and company information; performs risk analysis and recommends remediation for deficiencies. Supports testing outputs and evolves reporting processes with the intent of improving the organizations view of information security risks.

  • Supports and/or manages Information Security risk management activities within the Risk Management division, including information security risk assessment, vendor reviews, life cycle management reviews, verification of asset inventories, third-party risk, and manages the remediation of identified gaps and issues.

  • Actively supports, in collaboration with IT and Training departments, the bank-wide/departmental information security training program. Maintains current knowledge of evolving information security risks, particularly cyber security, new and evolving trends with mitigation tools and changes to security regulations affecting financial institutions.

  • Develop and support information and access management initiatives (Data classification, segmentation, access schemes, enforcement of policy, etc.) 

  • Builds and matures a culture focused on the proactive awareness and improvement of the security and risk environment. Supports information security and risk management awareness training programs for all employees, contractors and approved system users.

  • May support and/or perform the evaluation of internal control maturity against best practices and frameworks like NIST-CSF, PCI-DSS, ISO-27000 series, and other applicable information security frameworks.

  • Support the development, implementation, monitoring, and maintenance of information security policies, procedures, standards, and guidelines by reviewing for adequacy. This role will actively maintain and produce policies, procedures, and standards documents. 

  • Provides reporting and measurements of program effectiveness and provides analysis to senior management. Will seek to evolve reporting and assessment practices and standards to effectively communicate information security posture and risk factors.

  • Support the management of and response to security incidents and events to protect corporate assets, including intellectual property, regulated data and reputation. May serve as an active participant and subject matter expert in regard to testing and live incidents.

  • Monitor the external and internal threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. This task may also involve opening tickets, writing summaries, and working with internal stakeholders to mitigate risks.

  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.

  • Conducts user access reviews and other monitoring aspects of identity and access management.

  • Manage miscellaneous documentation, requests processing, training (new hire, employee awareness), and other projects as assigned.

  • Participates in regular team meetings, one-on-one meetings, as well as other department-level meetings with vendors and key stakeholders as needed.

  • Supports, produces, and maintains tracking metrics and reporting on information security risks, topics, and other related activity in conjunction with operational needs.   

  • Prepares, communicates, and or delivers metrics-based information and presentations to both leadership and other areas of the organization as needed. 

  • Maintains knowledge of industry trends, best practices, contemporary industry methodologies, and other related information.  Serves as an SME to the organization at large.

  • Supports the strategic growth and operational evolution of the Department. May conduct formal/informal operational analysis, works with the broader security/risk team and leadership, and seeks continuous improvement in alignment with strategic plans.

  • Ensures and promotes the highest level of integrity within the scope of department operations, to include adherence to company policy, established laws, and regulatory guidelines.

  • Consciously creates a workplace culture that is consistent with the overall organizations and that emphasizes the identified mission, vision, guiding principles, and values of the organization.

  • Supports and drives information security initiatives and projects throughout the organization. Requires basic project management skills, the ability to prioritize tasks, and work closely with stakeholders.  

  • Supports other Risk Management department programs and initiatives as needed. May serve on project teams, committees, and provide SME and advice to key stakeholders.

  • Manages and supports creation of new processes that help the organization facilitate information security related tasks sets, review processes, and operational efficiency.

  • Will be inquisitive, use effective interviewing skills and discovery techniques, in order to identify information security risks, determine mitigating efforts, and support business stakeholders in executing work efforts in a safe and secure manner. 

  • Will train/cross-train with other information security team members to eliminate single points of operational failure and to promote a holistic information security program. 

General Departmental and Administrative Duties (10% of time)

  • Supports the strategic agenda of Enterprise Risk management initiatives as well as the overall mission within the organization.

  • Assists with the implementation and administration of risk management programs. 

  • Prepares reporting, dashboards, and scorecards as necessary to communicate key performance indicators related to Enterprise Risk.

  • Tracks corrective action related to Enterprise Risk and other matters as assigned.

  • Assists with completion of a variety of risk assessments, including managing and tracking requested information, distributing reports, and obtaining responses from management.

  • Assists with completion of a variety of third-party reviews, including audits, examinations, and independent testing including managing and tracking requested information, distributing reports, and obtaining responses from management.

  • Completes general administrative tasks such as time tracking and SAP entry, processing vendor invoices, general employee related tasks and functions, participation in company sponsored events and initiatives, etc.

  • Gives presentations regarding managed verticals or other relative information.

Education Level:  Bachelor's Degree (required)   AND    Post-Graduate Degree (preferred)

Years of Relevant Work Experience:   5 to 10 years

Certifications, Licenses, Registrations 

•   Certified Information Systems Security Professional (CISSP) - Preferred

•   Certified Information Security Manger (CISM) - Preferred            

•   Certified Information Systems Auditor (CISA) - Preferred

•   Similar Credential is desired (CompTia, CEH, etc.)  - Preferred     

Other Training, Technical Skills, or Knowledge

•   Financial Services – Strongly preferred                 

•   Information Security/Cyber Security  (5 – 10 years) - Required    

•   Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience - Required

•   Information Security program management experience (Holistic view) - Required  

•   Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint - Required

•   Leadership experience and executive presence - Preferred

•   Must show evidence of strong communication skills, ability lead and drive work efforts, and self-starter - Required

•   Strong propensity for action and ownership of role (Lead from your seat / Must demonstrate accomplishments)          - Required

•   Prior experience supporting an active and effective control environment (I.e., audit, risk assessments, program maturity frameworks, etc.) - Required

•   Must be proficient at writing, maintaining, and creating program documentation, such as policies, procedures, and standards. (Role requires technical writing skills) - Required

•   Working knowledge of Enterprise Risk Management principles/frameworks (I.e., COSO, 3-Lines, Layered Security, etc.)  - Preferred

Abilities and Behaviors:

  • In depth knowledge of information security frameworks, standards and guidelines, including NIST, FFIEC, and NCUA regulations and guidelines.

  • Must be able to manage multiple priorities effectively

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

  • Proven track record and experience in assessing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.

  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

  • High degree of initiative, dependability and ability to work with little supervision.

  • Must not be a “box checker,” but must thrive in taking an active role in ownership.

  • Critical thinking skills, sound judgement, and ability to build trust with stakeholders.

  • Must possess effective writing skills and the ability to deliver presentations.

  • Excellent organizational skills, business acumen, and report/business writing skills

  • Mature demeanor with the ability to effectively self-manage.

  • Must possess appropriate level of technical skills, executive presence, ability to assess the control environment, while driving towards tangible results. 

  • Ability to focus on delivery and achievement of strategic priorities.

Performance Standards: 

  • Meet SLA’s relating to production standards & deadlines

  • Ability to support Risk Management projects & initiatives

  • Meet and abide by PFCU & Disney leadership standards and overall standards & conduct requirements

  • Knowledge and understanding of relevant legal and regulatory requirements (NCUA 748, GLBA, Guidelines for Safeguarding Member Information, Payment Card Industry/Data Security Standard, etc.).

  • Support and abide by related regulations and guidelines

Discretion / Latitude:   

Requires critical thinking skills, sound judgement.  There is a broader responsibility to the Risk Management department and overall Enterprise Risk initiatives. 

Business / Work Environment:  

Hybrid role requiring ability to effectively work-from-home with regular/occasional in-person meetings and work related obligation within a typical office environment with use of standard office equipment and tools. 

The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits

今すぐ応募

Partners Federal Credit Unionについて:

50年以上の間、Partners Federal Credit Unionは125,000人を超えるお客様に、アクセス性に優れ便利な高品質のPartners Differenceサービスを提供してきました。さらに、普通預金、当座預金、ローン、資産管理、最新の革新的な口座アクセス等、メガバンク並の多彩な金融商品も提供しています。また、銀行サービスにおいて群を抜く品質の良さを誇るThe Walt Disney Companyにいつでもご連絡いただける特別サービスもご利用いただけます。Partnersは、キャストにサービスを提供する真のキャストであり、他の金融機関にはないつながりと高品質のサービスを提供します。Partnersに加入して、一生の会員資格を得ませんか。私たちは会員の皆さまを、人生のあらゆるステージにおいて真心を尽くしサポートいたします。また、The Walt Disney Companyとの連携により、Partnersんお従業員は全員Disneyのキャストとなります。

The Walt Disney Company について:

The Walt Disney Companyは、その子会社・関連会社とともに、多様性あふれる国際企業として、Disney Entertainment、ESPN、Disney Experiencesの3事業を柱に、ファミリー向けエンターテインメントとメディアの世界をけん引しています。1920年代に小さなアニメ・スタジオとしてスタートしたDisneyは、今日のエンターテインメント業界において卓越した存在となりました。ディズニーは今後も、子供から大人まで、ご家族のだれもが楽しめる一流の物語や体験を生み出し続けます。Disneyのストーリーやキャラクター、体験は、世界中のあらゆる場所の消費者やお客様に届けられています。当社は40カ国以上で、従業員とキャストメンバーが一丸となり、世界的にも地域的にも歓迎されるエンターテインメント体験を創出しています。

このポジションはWalt Disney Parks and Resorts U.S., Inc.という事業部門の一つであるPartners Federal Credit Unionでのお仕事です。

Walt Disney Parks and Resorts U.S., Inc. は機会均等雇用主です。応募者は、人種、宗教、肌の色、性別、性的指向、ジェンダー、性自認、性表現、国籍、家柄、年齢、配偶者の有無、軍役経験の有無やその地位、健康状態、遺伝情報や障がい、または連邦法や州法、地方法で禁止されているその他の法的根拠に関係なく、雇用の検討対象となります。Disneyは、すべての人々のアイデアと決断が、成長、革新、最高のストーリーの創造に役立ち、絶えず進化する世界において、価値ある存在になれるよう支援するビジネス環境を支持します。

求人応募における障害者への配慮

ウォルト・ディズニー・カンパニーと関係会社は、「雇用機会均等」企業であり、身体障害者や障害のある退役軍人をはじめ、あらゆる求職者の応募を歓迎します。障害を抱え、求人探しや応募のために妥当な宿泊施設が必要な場合は、メールにてご要望をお知らせください(Candidate.Accommodations@Disney.com宛)。このメールアドレスは、通常の雇用照会や連絡用ではありません。障害を理由とするオンライン応募利用に関するご要望にのみ対応いたします。

技術的な問題がある場合は、「よくあるご質問」をご覧ください。

採用プロセス

  • あなたのストーリーはどこから始まりますか?

    Disney CareersやLife at Disneyブログを探索し、ウォルト・ディズニー・カンパニーで待っている素晴らしい機会について学びましょう。

  • ストーリーに参加する

    探索できるさまざまなブランドやビジネスがあります。自分に合った機会を見つけたら、次のステップとして応募を完了させましょう。

  • 次の章

    応募が完了すると、候補者ダッシュボードへのアクセス方法が記載されたメールが届きます。ログインIDを作成し、ダッシュボードを頻繁にチェックして、応募の進捗状況を確認するようにしてください。

この場所を探索する フロリダ州レイクブエナビスタ

レイク・ブエナ・ビスタには、ディズニー・スプリングスという小売店やレストラン、エンターテイメント施設があり、ディズニー・タイフーン・ラグーン・ウォーターパーク、ディズニー・レイク・ブエナビスタ・ゴルフコース、複数のリゾートホテルなどが市内にあります。

ウォルト・ディズニー・カンパニーの文化

  • エグゼクティブ/上級管理職

    ディズニーの上級管理職は、素晴らしい経験、先見的思考、そして卓越性、創造性、革新性に対する共通のコミットメントを日々の業務に生かしています。

    詳細はこちら 
  • 多様性、公平性、包摂性

    ディズニーは、より良い世界となるよう全力を注いでいます。それは、一人ひとりが「配慮されている」「話に耳を傾けられている」「理解されている」と感じることのできる、誰もが居場所のある世界であり、 希望と期待に満ちた世界です。

    詳細はこちら 

ジョブアラートに登録

新しい採用情報を随時掲載しています。

ジョブアラートに登録する

*は必須項目です。

興味のある内容選択リストから業種/カテゴリーを選択してください。選択リストから勤務地を選択してください。最後に「追加」をクリックして、ジョブアラートを作成します。

「送信」をクリックすると、当社の利用規約(新しいウィンドウで開きます)に同意し、当社のプライバシーポリシー(新しいウィンドウで開きます)を承諾したことになります。

「送信」をクリックすると、当社の利用規約(新しいウィンドウで開きます)に同意し、当社のプライバシーポリシー(新しいウィンドウで開きます)を承諾したことになります。マーケティングメッセージやニュースレターの受信を選択した場合、私は、いつでもこれらのマーケティングメッセージに対する同意を撤回することができます。

「送信」をクリックすると、当社の利用規約(新しいウィンドウで開きます)に同意し、当社のプライバシーポリシー(新しいウィンドウで開きます)クッキーポリシー(新しいウィンドウで開きます)EUのプライバシー権(新しいウィンドウで開きます)を承諾したことになります。

個人情報及び個人の権利の取り扱いについて:

  1. お客様の個人情報は、3 Queen Caroline Street, London, W6 9PE, United Kingdomにあるウォルト・ディズニー・カンパニー株式会社によって管理されます。
  2. ディズニーへの訪問やそこでの買い物、ディズニーの商品、サービス、モバイルアプリをご利用いただくと、ウォルト・ディズニー・カンパニーファミリー企業がお客様の個人情報を用いてこれらのサービスを提供したり、お客様の体験をパーソナライズしたり、サービスに関わる更新情報や連絡をお送りしたりする場合があります。
  3. お客様には、ご自身の個人情報に対して、アクセスや、変更・削除の要請をする権利、マーケティングに関する設定を変更(常時の同意撤回も含む)する権利があります。マーケティングに関する設定の管理やアカウントの削除に関する詳細は、弊社のプライバシーポリシー(新しいウィンドウで開きます)をご覧ください。
  4. 当社のデータ保護責任者にEメールにてご連絡いただくことも可能です(dataprotection@disney.co.uk宛)。
  5. お客様は、英国個人情報保護監督機関(https://ico.org.uk/(新しいウィンドウで開きます))に苦情を申し立てる権利を有しています。
  6. ディズニーのデータ収集とその利用方法についての詳細は、ディズニーのプライバシーポリシー(新しいウィンドウで開きます)をお読みください。

当社の一般的なデータ収集、使用、および慣行に関する詳細情報(お客様の設定の管理方法を含む)については、当社のプライバシーポリシー(新しいウィンドウで開きます)をお読みください。私は利用規約(新しいウィンドウで開きます)を読み、これに同意します。

Privacy Policy Agreement

Privacy Policy Agreement

Privacy Policy Agreement

Privacy Policy Agreement

Privacy Policy Agreement