DevSecOps engineer at Ford ensuring secure software development and compliance with security standards. Collaborating with teams to embed security practices and assess vulnerabilities in software delivery.
TC
Hybrid Manager, Information Security Compliance
Posted 4 months ago
About the role
- Manager for Information Security Compliance at Disney overseeing compliance programs and team operations. Responsible for audit support, systems scoping, and team management in cybersecurity.
Responsibilities
- Independent audit support for: SOX 404 ITGCs PII PCI ISPS
- Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs.
- Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments.
- Develop and lead the Control Assurance Programs (ISPS and SOX).
- Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding.
- Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company’s automated controls.
- This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control.
- Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment.
- Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products)
- Ensure for timely management response of audit findings into our corporate SOCD/SAD.
- Oversee ISPS Management Audit coordination and open action plans.
- Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands.
- Management of GRC workflows around coordination of certifications and attestations.
- Partner with leadership to support the PCI-DSS compliance program.
- Develop training materials, coordinate training sessions, and monitor compliance with training requirements.
- Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently.
- Assign tasks and projects to team members based on priorities, deadlines, and individual strengths.
- Provide executive level updates on Compliance programs
Requirements
- Minimum of 8 years of related work experience, with 3 in management roles
- IT SOX experience and proven experience in supporting IT audit/compliance functions
- Experience in managing people
- Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives
- Interpersonal skills with the ability to work with teams cross-functionally
- Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators
- Detail-oriented but able to understand the big picture.
- Highly organized and efficient
- Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments
- Experience with cloud-based services, specifically AWS
Benefits
- A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Security Officer responsible for ensuring safety and security at the Genesee Brewing Company. Monitoring premises, responding to emergencies, and providing visitor assistance during shifts.
Security Estimator creating estimates and proposals for security projects at LINX. Collaborating with engineering and sales teams for system design and client relationships.
Product Security Architect at Expedia designing secure architecture for services and APIs. Collaborating with teams to guide secure practices and integrate AI - driven solutions.
IT Security Officer overseeing information security for a specific IT sector at Desjardins. Collaborating with cross - sector teams and managing information security risks and vulnerabilities.
Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
IAM Security & Technology Governance person driving IAM technical program with cutting - edge technology to improve security posture at MUFG. Manage IAM requirements, standards, governance and solutions across global implementation.
Senior Analyst in Mastercard's newly created Vocalink Control Office supporting control testing across Security domains. Ensuring a strong control environment and identifying gaps for improvement.
Senior Analyst focusing on Information Security and Compliance at Cirque du Soleil. Engaging in threat analysis and improvement of security tools and processes, within a creative company culture.
Security Architect designing and implementing cybersecurity architectures for UK Defence projects. Collaborating with stakeholders to safeguard client data against cyber threats.