Director, Cloud Security Engineering

Disney Parks, Experiences and Products - Bay Lake, FL4.6

Full-timeEstimated: $120,000 - $150,000 a year
“We create happiness.” That’s our motto at Walt Disney Parks and Resorts. And it permeates everything we do. At Disney, you’ll help inspire that magic by enabling our teams to push the limits of entertainment and create the never-before-seen!

The Director, Cloud Security Engineering leads and directs the Application Security, Engineering, and Threat Hunting programs, ensuring that Disney Parks, Experiences, and Consumer Products (DPECP) is protected from security threats or attacks through development of security automation and machine learning capabilities, ensuring sound Application Security, and proactively hunting threats to DPECP systems.

Responsibilities :
Leads Security Engineering team helping to protect the network and company assets from any security threats or attacks through the development of security automation capabilities. The team develops and implements security scripts, automation, machine learning models, scans, alerts, and monitors for both proactive activities as well as threat intrusion and detection.
Leads DPECP Application Security Architecture and Penetration Testing ensuring that clear and measurable security requirements are available and consistently met and/or exceeded within DPECP Applications.
Ensure Application Security is integrated throughout the development life cycle and Secure Coding standards are communicated throughout DPECP and compliance is enforced.
Leads team responsible for maintaining and administering toolsets leveraged by the Cyber Security program.
Leads deep analysis of systems to understand limitations and weaknesses in order to identify cyber security gaps that need to be addressed.
Advises management on identifying and minimizing new threats and vulnerabilities.
Lead and manage Security team resources including hiring and career development.
Maintain leading edge knowledge of threats, technology, processes and other related industry knowledge.
Partners with the Director, Continuous Security Monitoring, Compliance, Standards & Risks to execute an all-encompassing global security strategy and vision.

Basic Qualifications :
5+ years of Cloud Security experience, AWS, Azure, Google Cloud
15+ years of full-time work experience in information security management and/or related functions demonstrating progressive leadership experience in Cyber Security.
Certifications in one of more of the following - CISSP, CISM, CISA, CRISC, GPEN, CEH
Experience managing geographically dispersed teams of experienced and technical employees required (internal & outsourced.)
Proven and demonstrated successful experience within the following areas of Cyber Security:
Application Security
Data Security
Penetration Testing
Advance Threat Detection & Monitoring
Automation & Machine learning
Security Operations & Threat Hunting
Up-to-date knowledge of information security issues, trends and leading practices
Expertise in security policy development, defensive protocols, and the tools marketplace
Expertise in Application Security, Penetration Testing, and Secure Coding
Strong leadership skills with the ability to influence, collaborate, lead team and partners through change, and deliver results and who is able to communicate security-related concepts to a broad range of technical and non-technical teams
Strong communication skills with the ability to present to senior management

Preferred Qualifications:
Cloud native toolchain and architecture
Terraform Sentinel Policy
HashiCorp Vault
Spinnaker multi-cloud continuous delivery platform
In depth knowledge of regulatory environment (Sarbanes-Oxley, HIPAA, PCI, PPI, GDPR, Data Privacy, Safe Harbor and other regulations)
CISSP, GCIH, CISM, CISA, CEH certifications are preferred

Required Education :
Undergraduate Degree in Engineering/Technology or equivalent work experience

Preferred Education :
Master’s in Computer Science, Business Administration, and/or Information Systems preferred