AVP, Information Security
Descrição do cargo:
The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.
Essential Responsibilities
Monitors essential processes to ensure compliance with policies, standards, practices and guidelines. Assists with information security compliance with applicable laws and regulations, regulatory requirements and policies and procedures, including but not limited to NCUA-748, GLBA, FACTA, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act (I.e., general banking industry regulatory requirements).
Capitalizes upon technical knowledge and executive presence in owning business relationships with executive and other leadership stakeholders in order to drive enhancements to the organizations security posture in line with broader strategic objectives.
Manage and execute the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
Supports the IS program and other stakeholders in the management and oversight of Payment Cardholder Information Data Security Standards (PCI-DSS) compliance program, including identification of controls and validation and oversight of gap remediation. Supports successful audits of PCI program.
Support, in collaboration with IT department, the program for penetration testing, vulnerability assessments, social engineering testing, and other testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive member and company information; performs risk analysis and recommends remediation for deficiencies. Supports testing outputs and evolves reporting processes with the intent of improving the organizations view of information security risks.
Supports and/or manages Information Security risk management activities within the Risk Management division, including information security risk assessment, vendor reviews, life cycle management reviews, verification of asset inventories, third-party risk, and manages the remediation of identified gaps and issues.
Actively supports, in collaboration with IT and Training departments, the bank-wide/departmental information security training program. Maintains current knowledge of evolving information security risks, particularly cyber security, new and evolving trends with mitigation tools and changes to security regulations affecting financial institutions.
Develop and support information and access management initiatives (Data classification, segmentation, access schemes, enforcement of policy, etc.)
Builds and matures a culture focused on the proactive awareness and improvement of the security and risk environment. Supports information security and risk management awareness training programs for all employees, contractors and approved system users.
May support and/or perform the evaluation of internal control maturity against best practices and frameworks like NIST-CSF, PCI-DSS, ISO-27000 series, and other applicable information security frameworks.
Support the development, implementation, monitoring, and maintenance of information security policies, procedures, standards, and guidelines by reviewing for adequacy. This role will actively maintain and produce policies, procedures, and standards documents.
Provides reporting and measurements of program effectiveness and provides analysis to senior management. Will seek to evolve reporting and assessment practices and standards to effectively communicate information security posture and risk factors.
Support the management of and response to security incidents and events to protect corporate assets, including intellectual property, regulated data and reputation. May serve as an active participant and subject matter expert in regard to testing and live incidents.
Monitor the external and internal threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. This task may also involve opening tickets, writing summaries, and working with internal stakeholders to mitigate risks.
Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
Conducts user access reviews and other monitoring aspects of identity and access management.
Manage miscellaneous documentation, requests processing, training (new hire, employee awareness), and other projects as assigned.
Participates in regular team meetings, one-on-one meetings, as well as other department-level meetings with vendors and key stakeholders as needed.
Supports, produces, and maintains tracking metrics and reporting on information security risks, topics, and other related activity in conjunction with operational needs.
Prepares, communicates, and or delivers metrics-based information and presentations to both leadership and other areas of the organization as needed.
Maintains knowledge of industry trends, best practices, contemporary industry methodologies, and other related information. Serves as an SME to the organization at large.
Supports the strategic growth and operational evolution of the Department. May conduct formal/informal operational analysis, works with the broader security/risk team and leadership, and seeks continuous improvement in alignment with strategic plans.
Ensures and promotes the highest level of integrity within the scope of department operations, to include adherence to company policy, established laws, and regulatory guidelines.
Consciously creates a workplace culture that is consistent with the overall organizations and that emphasizes the identified mission, vision, guiding principles, and values of the organization.
Supports and drives information security initiatives and projects throughout the organization. Requires basic project management skills, the ability to prioritize tasks, and work closely with stakeholders.
Supports other Risk Management department programs and initiatives as needed. May serve on project teams, committees, and provide SME and advice to key stakeholders.
Manages and supports creation of new processes that help the organization facilitate information security related tasks sets, review processes, and operational efficiency.
Will be inquisitive, use effective interviewing skills and discovery techniques, in order to identify information security risks, determine mitigating efforts, and support business stakeholders in executing work efforts in a safe and secure manner.
Will train/cross-train with other information security team members to eliminate single points of operational failure and to promote a holistic information security program.
General Departmental and Administrative Duties (10% of time)
Supports the strategic agenda of Enterprise Risk management initiatives as well as the overall mission within the organization.
Assists with the implementation and administration of risk management programs.
Prepares reporting, dashboards, and scorecards as necessary to communicate key performance indicators related to Enterprise Risk.
Tracks corrective action related to Enterprise Risk and other matters as assigned.
Assists with completion of a variety of risk assessments, including managing and tracking requested information, distributing reports, and obtaining responses from management.
Assists with completion of a variety of third-party reviews, including audits, examinations, and independent testing including managing and tracking requested information, distributing reports, and obtaining responses from management.
Completes general administrative tasks such as time tracking and SAP entry, processing vendor invoices, general employee related tasks and functions, participation in company sponsored events and initiatives, etc.
Gives presentations regarding managed verticals or other relative information.
Education Level: Bachelor's Degree (required) AND Post-Graduate Degree (preferred)
Years of Relevant Work Experience: 5 to 10 years
Certifications, Licenses, Registrations
• Certified Information Systems Security Professional (CISSP) - Preferred
• Certified Information Security Manger (CISM) - Preferred
• Certified Information Systems Auditor (CISA) - Preferred
• Similar Credential is desired (CompTia, CEH, etc.) - Preferred
Other Training, Technical Skills, or Knowledge
• Financial Services – Strongly preferred
• Information Security/Cyber Security (5 – 10 years) - Required
• Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience - Required
• Information Security program management experience (Holistic view) - Required
• Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint - Required
• Leadership experience and executive presence - Preferred
• Must show evidence of strong communication skills, ability lead and drive work efforts, and self-starter - Required
• Strong propensity for action and ownership of role (Lead from your seat / Must demonstrate accomplishments) - Required
• Prior experience supporting an active and effective control environment (I.e., audit, risk assessments, program maturity frameworks, etc.) - Required
• Must be proficient at writing, maintaining, and creating program documentation, such as policies, procedures, and standards. (Role requires technical writing skills) - Required
• Working knowledge of Enterprise Risk Management principles/frameworks (I.e., COSO, 3-Lines, Layered Security, etc.) - Preferred
Abilities and Behaviors:
In depth knowledge of information security frameworks, standards and guidelines, including NIST, FFIEC, and NCUA regulations and guidelines.
Must be able to manage multiple priorities effectively
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Proven track record and experience in assessing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.
Must not be a “box checker,” but must thrive in taking an active role in ownership.
Critical thinking skills, sound judgement, and ability to build trust with stakeholders.
Must possess effective writing skills and the ability to deliver presentations.
Excellent organizational skills, business acumen, and report/business writing skills
Mature demeanor with the ability to effectively self-manage.
Must possess appropriate level of technical skills, executive presence, ability to assess the control environment, while driving towards tangible results.
Ability to focus on delivery and achievement of strategic priorities.
Performance Standards:
Meet SLA’s relating to production standards & deadlines
Ability to support Risk Management projects & initiatives
Meet and abide by PFCU & Disney leadership standards and overall standards & conduct requirements
Knowledge and understanding of relevant legal and regulatory requirements (NCUA 748, GLBA, Guidelines for Safeguarding Member Information, Payment Card Industry/Data Security Standard, etc.).
Support and abide by related regulations and guidelines
Discretion / Latitude:
Requires critical thinking skills, sound judgement. There is a broader responsibility to the Risk Management department and overall Enterprise Risk initiatives.
Business / Work Environment:
Hybrid role requiring ability to effectively work-from-home with regular/occasional in-person meetings and work related obligation within a typical office environment with use of standard office equipment and tools.
The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits
Sobre o Partners Federal Credit Union:
Há mais de 50 anos, o Partners Federal Credit Union oferece a The Partners Difference para os nossos mais de 125.000 integrantes, com os mais altos níveis de serviço, valor, acesso e conveniência. Além disso, um conjunto completo de produtos financeiros que você encontrará nos maiores bancos, incluindo economia, verificação, empréstimos, gestão de patrimônio e o mais recente em acesso inovador à conta. E sempre com uma conexão exclusiva para a The Walt Disney Company que garante um nível de qualidade insuperável em serviços bancários. Os parceiros são, na verdade, funcionários Disney que atendem os funcionários Disney, criando um vínculo e compromisso genuínos com o serviço que nenhuma outra instituição financeira pode igualar. Junte-se e descubra que, no Partners, honramos a associação por toda a vida, porque os integrantes podem confiar em nós em cada etapa do serviço. E, por causa da nossa conexão com a The Walt Disney Company, cada pessoa que trabalha para o Partners também é um funcionário Disney.
Sobre The Walt Disney Company:
A The Walt Disney Company, juntamente com suas subsidiárias e afiliadas, é uma líder diversificada em entretenimento familiar e mídia internacional que inclui três segmentos principais de negócios: Disney Entertainment, ESPN e Disney Experiences. Desde seus primeiros passos como um estúdio de desenho animado na década de 1920 até se tornar o atual nome de destaque na indústria do entretenimento, a Disney orgulhosamente dá continuidade a seu legado de criação de histórias e experiências de padrão internacional para toda a família. As histórias, personagens e experiências da Disney tocam consumidores e visitantes de todas as partes do mundo. Com operações em mais de 40 países, nossos funcionários e colaboradores trabalham juntos para criar experiências de entretenimento adoradas por todos.
Esta vaga é oferecida junto à Walt Disney Parks and Resorts U.S., Inc., que é parte de um segmento de negócios que chamamos de Partners Federal Credit Union.
Walt Disney Parks and Resorts U.S., Inc. é um empregador de oportunidades iguais. Os candidatos serão selecionados para emprego independente de raça, religião, cor, sexo, orientação sexual, gênero, identidade de gênero, expressão de gênero, nacionalidade, ancestralidade, idade, estado civil, status militar ou de veterano, quadro clínico, informações genéticas ou deficiência, ou qualquer outro motivo proibido por lei federal, estadual ou local. A Disney defende um ambiente de negócios em que ideias e decisões de todas as pessoas nos ajudam a crescer, inovar, criar as melhores histórias e ser relevantes em um mundo em constante evolução.
ACOMODAÇÃO PARA PESSOAS COM NECESSIDADES ESPECIAIS PARA CANDIDATURAS A EMPREGO
The Walt Disney Company e suas afiliadas são empresas que oferecem oportunidades iguais de emprego e acolhem todos os candidatos a emprego, incluindo indivíduos com necessidades especiais e veteranos com necessidades especiais. Se você tem uma necessidade especial e acredita que precisa de uma acomodação razoável para buscar uma vaga de emprego ou se candidatar a um cargo, envie um e-mail para Candidate.Accommodations@Disney.com com sua solicitação. Este endereço de e-mail não se destina a consultas ou correspondências gerais de emprego. Responderemos apenas às solicitações relacionadas à acessibilidade do sistema de candidatura on-line devido a uma necessidade especial.
Está tendo problemas técnicos? Consulte as perguntas frequentes para obter ajuda.
Processo de contratação
-
Onde começa a sua história?
Explore o Disney Careers e o blog Life at Disney para saber mais sobre todas as oportunidades incríveis que esperam ser descobertas na The Walt Disney Company.
-
Seja parte da história
Há muitas marcas e empresas diferentes a serem exploradas. Depois de encontrar a oportunidade certa para você, dê o próximo passo preenchendo sua candidatura.
-
O próximo capítulo
Depois de se candidatar, você receberá um e-mail permitindo que acesse o painel do candidato. Crie seu login e lembre-se de verificar seu painel com frequência para ver o progresso de sua candidatura.
Conheça este local Lake Buena Vista, Flórida
O Lake Buena Vista é lar do complexo Disney Springs, com lojas, restaurantes e entretenimento, do Disney's Typhoon Lagoon Water Park, do campo de golfe Disney’s Lake Buena Vista e de vários hotéis resorts localizados na cidade.
Vagas relacionadas
NOSSA CULTURA
Conteúdo relacionado
-
-
-
-
Benefícios Nossos benefícios
-
-
-
Histórias de funcionários Blog Life at Disney
-
-
-
-
-
-
-
Desenvolvimento de carreira Recursos do candidato
-
Liderança executiva
Nossos executivos seniores trazem enorme experiência, pensamento visionário e um compromisso compartilhado com excelência, criatividade e inovação para a operação cotidiana da empresa.
Saiba mais -
Diversidade, igualdade e inclusão
Na Disney, temos o compromisso de criar um mundo melhor. Um mundo de pertencimento, em que cada pessoa se sinta vista, ouvida e compreendida. Um mundo cheio de esperança e promessa.
Saiba mais
Inscrever-se para receber alertas de vagas
Obtenha as oportunidades de emprego mais recentes assim que se tornarem disponíveis.
COMPARTILHAR
Links abertos em novas guias.