The Walt Disney Company Manager, Vulnerability Management in Glendale, California

At Disney, we‘re storytellers. We make the impossible, possible. We do this through utilizing and developing cutting-edge technology and pushing the envelope to bring stories to life through our movies, products, interactive games, parks and resorts, and media networks. Now is your chance to join our talented team that delivers unparalleled creative content to audiences around the world.

Enterprise Vulnerability Management ensures that IP-enabled devices connected to TWDC’s networks and used for conducting and delivering Disney business are known, secure and managed to an acceptable risk level. Vulnerability Management programs protect TWDC intellectual property and data by ensuring servers are compliant with:

  • IT Security Policies and Standards

  • Data Handling Standards

  • Minimum Security Baselines

  • Industry and vendor-specific vulnerabilities

The Enterprise Vulnerability Management team is responsible for the full cycle of vulnerability management across all segments of The Walt Disney Company. Infrastructure and application vulnerabilities are assessed within the context of the technologies used at TWDC. Risk-based remediation activities identified and coordinated across diverse stakeholders company-wide. Server compliance is monitored via periodic scans from various IT Security tools. Areas of non-compliance identified and documented.

Information Security Manager, Vulnerability Management Programs will have direct responsibility for leading the delivery of services that support the Global Information Security Vulnerability Management program. He or she provides functional program management and helps develop the strategy of the GIS vulnerability management program in the larger context of ensuring all IP-enabled devices are known, secure, and managed to an acceptable risk-level across The Walt Disney Company. Primary responsibilities include:

  • Program strategy and development: participates in development of enterprise vulnerability management strategy, program alignment, and service expansion

  • Vulnerability management program: oversees regular execution of vulnerability management cycle; includes coordination of remediation management, workflow development, collaborative partner relationships, and escalates when appropriate to ensure effective removal of vulnerabilities from technology services

  • Critical vulnerability remediation: leads coordination of enterprise-wide expedited remediation efforts for critical vulnerabilities

  • Problem Management: Ensures vulnerability remediation meets targets and, where unsuccessful, drives effective diagnosis and resolution of obstacles and problems

  • Measurement and reporting: Manage development and delivery of enterprise device security risk index, key performance indicators, and operational program metrics

  • Continuous Improvement: Analyzes, prioritizes, recommends, and drives implementation of program-level improvement opportunities that increase effectiveness or efficiency of vulnerability management activities

  • Apply project management expertise across multiple segment vulnerability management programs; mentors matrixed team toward consistent approach

This position with coordinate and work closely with other teams across TWDC, including compliance managers, security liaisons, application and business groups, and suppliers to ensure the consistent and successful remediation of vulnerabilities across The Walt Disney Company. The superior candidate will actively seek opportunities to expand program offerings and improve effectiveness. This position will actively socialize Information Security and vulnerability management, encouraging a community of best practice throughout our partner base.

Responsibilities :

  • Program strategy and development: participates in development of enterprise vulnerability management strategy, program alignment, and service expansion

  • Vulnerability management program: oversees regular execution of vulnerability management cycle; includes coordination of remediation management, workflow development, collaborative partner relationships, and escalates when appropriate to ensure effective removal of vulnerabilities from technology services

  • Critical vulnerability remediation: leads coordination of enterprise-wide expedited remediation efforts for critical vulnerabilities

  • Problem Management: Ensures vulnerability remediation meets targets and, where unsuccessful, drives effective diagnosis and resolution of obstacles and problems

  • Measurement and reporting: Manage development and delivery of enterprise device security risk index, key performance indicators, and operational program metrics

  • Continuous Improvement: Analyzes, prioritizes, recommends, and drives implementation of program-level improvement opportunities that increase effectiveness or efficiency of vulnerability management activities

  • Project Management: Apply project management expertise across multiple segment vulnerability management programs; mentors matrixed team toward consistent approach

  • Personnel Management: task and performance management of contracted resources

Basic Qualifications :

  • Minimum of 5+ years in Information Security or Information Technology Field

  • 3 - 5 years of high performance team management

  • Experience managing employees directly and in a matrix environment

  • 3 - 5 years of program and project management experience

  • 5+ years of program and project management experience

  • Some experience with SQL languages (SQL, T-SQL) with advanced analytic SQL functions skills on the Microsoft SQL Server database platform

  • Expert project/program management and prioritization skills

  • Excellent planning and organization skills. Ability to focus/align tasks around critical initiatives in a time effective manner

  • Excellent verbal, written, presentation, and public speaking skills

  • Understands ITIL and general service management

  • Knowledge and experience with configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.).

  • Expert project/program management and prioritization skills

  • Excellent planning and organization skills. Ability to focus/align tasks around critical initiatives in a time effective manner

  • Excellent verbal, written, presentation, and public speaking skills

  • Experience with implementation and use of knowledge management; documentation review and improvement

  • Consistently is seen as a leader across organization boundaries and has well established influence with other organizations across the company.

  • Ability to build and maintain constructive working and communications relationships with a diverse community of technical and non-technical audiences.

  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments.

  • Knowledge of business process and technical requirement development

  • Ability to articulate information security management requirements and design process frameworks

  • Ability to develop and deliver presentations providing internal training on vulnerability management matters

  • SharePoint administration, Excel, PowerPoint

  • Ability to work in large global environments spanning multiple time-zones

  • Proven track record of successfully managing and implementing IT programs and projects; prefer security-based

  • High standard of performance, attention to detail and commitment to excellence

  • Demonstrated initiative and good judgment

  • Self-starter with leadership skills and the ability to manage multiple tasks concurrently with good follow-up and follow-through

  • Proven ability to manage teams with experience developing positive mentor relationships and a balanced team skill inventory

  • Strong analytical, organizational and decision-making skills

  • Strong negotiation skills

  • Ability to travel as required

  • ITILv3 Foundations/+ certification

Required Education :

  • BA/BS/MA/MS in computer science, engineering or business-related field from accredited school or equivalent experience preferred.

Company Overview :

At Corporate, you’ll team with the best in the business to build one of the most innovative global businesses in any industry. Uniquely positioned at the center of an exciting, multi-faceted Company, the forward-thinkers at Disney Corporate constantly pursue new ideas and technologies to help the Company’s many businesses drive value, all the while gaining something valuable from the experience themselves. Come see the most interesting Company from the most interesting point of view.

Additional Information :

  • This position is a legal entity of The Walt Disney Company, an equal opportunity employer.

Job ID: 473052BR

Location: Glendale,California

Job Posting Company: The Walt Disney Company (Corporate)