Manager, Information Security and Compliance
樂享魔法
員工和演藝人員是我們一切工作的核心,因此 Disney 提供具有競爭力的全面獎勵方案,包括薪資、健康和儲蓄福利、休假計劃、教育機會等。
*福利和資格可能因企業和地點而異
- 健康保險與健康
- 托兒選項
- 有薪假期
- 退休計劃
- 學費援助
- 每週支薪
「直到我來到這裡之前,我不認為我覺得好玩才去做的事——透過統計數據講述體育故事——會成為我的工作。」
ESPN 高級研究員 Ana
工作概要:
HKDL Information Security and Compliance Team is part of the line of business (LOB) Technology, Digital and Data (T&D). The team provides services to protect the value and use of Disney’s information through collaboration, standardization and enforcement across HKDL T&D.
This role will be leading and driving the information security and compliance team in
- delivering cyber security assurance and best practices oversight for HKDL T&D portfolio of products, platforms and services ecosystems, across complex multi-cloud, multi-partner environments.
- working closely with global partners, internal T&D teams, other LOBs and external vendors
- providing information security related advisory in accordance with corporate and segment standards, industry practices and external regulations.
Key Responsibilities
Leadership
Supervise and lead the information security and compliance team with a diverse of specialists and external vendors in
- Planning and ensuring information security assessments are conducted on HKDL T&D applications according to corporate standards
- fostering a sense of teamwork and collaboration while driving effective dialogue, spirit of continuous improvement, and team-oriented decision making
- driving team to manage security risk metrics and end to end remediation
- facilitating the internal or external audits, penetration testing, and red team activities relating to HKDL T&D
- participating in information security incident response team to handle information security incidents, work closely with segment counterpart in conducting investigations, and prepare incident reports
Partnership
Engage with different internal and external stakeholders to craft successful strategies, with lots of partnership opportunities from local, global and external
- Ensure effective communication with other T&D sub-teams and with other partners
- Act as the focal contact point with US partners about information security and compliance in T&D
- Best practices sharing and learnings with other sites, and working side-by-side with the global information security team
- Collaborate with teams to establish appropriate measures to reduce the risk of both accidental and malicious data disclosure
- Interactions with vendors to understand the new solutions in the marketplace and propose to management if needed
Result Driven
Act as the security architect and participate in architecture reviews to provide advisory and recommendation on information security related matters
- Provide value added input/ consultancy to the business partners and internal teams in security architecture and driving security by design
- Provide advice, recommendation and good practice in information security and compliance
- In partnership with application teams and other stakeholders, define and support the implementation of appropriate remediation plans to address identified gaps
- Support the closure of key cyber security threats and vulnerabilities (e.g. zero-day vulnerabilities or during the Project Development Lifecycle)
Project management
Lead and drive cross-team information security programs
- Maintain existing local managed privileged access management solution and develop a roadmap for additional capabilities
- Identify, propose and oversee the implementation of cross-team information security related program
- Providing leadership around any large-scale security & compliance projects created to execute remediation for any significant gaps identified, which may include the involvement of cross-functional teams
Business Savvy
- Capable to position and drive security initiatives as a business enabler
- Be the change champion and drive the others toward commitment to security
- Able to define, formulate and implement security strategy and potential roadmap
- Design and define security framework and architecture
Job Requirements
- Bachelor’s Degree or above in Computer Science, Technology, Engineering, Information/ Cyber Security, or relevant disciplines
- Minimum of 10 years working experience in information/ cyber security, IT audit/ governance/ compliance, technology risk management, or equivalent
- Holder of at least one industry recognized certification in information security (CISSP, CISA, CISM, or equivalent.)
- Prior experience in leading a team with solid understanding in information security and compliance related processes
- Possess knowledge of cyber security principles, information security risk managements, information/ cybersecurity controls and reviews to ensure adequate controls and adherence to company’s information security policies and standards
- Solid working experience in adopting security related framework/standards, such as PCI-DSS, Sarbanes Oxley (SOX), PDPO, GDPR, MITRE ATT&CK, etc.
- Good knowledge in control related best practices e.g. NIST, ISO 27001, SSAE21, COBIT, ITIL, etc.
- Knowledge of secure coding best practices, source code review, and internet threat vectors such as the OWASP top 10
- Excellent written and verbal communication skills in English and Chinese, with the ability to communicate technical topics to management and non-technical audiences
- Strong collaboration and interpersonal skills
- Strong problem solving, decision making, and analytical skills
- Attention to details, self-motivated and a good team player
HKProfessional #LI-AI1
關於Hong Kong Disneyland Resort:
香港迪士尼樂園度假區為不同國籍及年齡的賓客呈獻難忘且獨一無二的迪士尼奇妙體驗。賓客可以在這個奇妙王國裡置身喜愛的迪士尼故事中,在八個不同園區可盡情探索,親身享受各種獨有的得獎遊樂設施及娛樂體驗。賓客更可入住華麗又舒適的迪士尼主題酒店,令旅程更加完美。香港迪士尼樂園全心投入服務香港社區,致力傳揚樂園的奇妙歡樂。樂園透過不同層面的社區服務,關愛社會上有需要人士和家庭,啓發兒童和青少年的創意,更推動環境保護及健康生活。
關於 The Walt Disney Company:
Walt Disney Company 連同其子公司和聯營公司,是領先的多元化國際家庭娛樂和媒體企業,其業務主要涉及三個範疇:Disney Entertainment、ESPN 及 Disney Experiences。Disney 在 1920 年代的起步之初,只是一間卡通工作室,至今已成為娛樂界的翹楚,並昂然堅守傳承,繼續為家庭中每位成員創造世界一流的故事與體驗。Disney 的故事、人物與體驗傳遍世界每個角落,深入人心。我們在 40 多個國家/地區營運業務,僱員及演藝人員攜手協力,創造全球和當地人們都珍愛的娛樂體驗。
這個職位隸屬於 HK International Theme Parks Limited,其所屬的業務部門是 Hong Kong Disneyland Resort。
就業申請的殘疾便利安排
The Walt Disney Company 及其聯營公司是推動平等就業機會的僱主,歡迎所有求職者,包括殘疾人士。如你是殘疾人士,並需要合理便利安排以搜尋職位空缺或申請職位,請將要求發送至HKDL.Candidate.Accommodations@Disney.com。本電郵地址不擬用於一般僱傭查詢或通訊。我們只會回應與網上申請系統殘疾人士無障礙功能相關的要求
遇到技術問題?查看常見問題以尋求協助。
招聘流程
-
您的故事從哪裡開始?
探索 Disney 職位空缺和 The Life at Disney 網誌,了解華特迪士尼公司有待發掘的所有精彩機會。
-
迪士尼的故事裏,有你更精彩成就迪士尼故事
有許多不同品牌和業務可供探索。當您找到適合您的機會後,請填寫您的申請,進行下一步。
-
下一章
申請後,您將收到一封電子郵件,讓您可存取應徵者控制面板。建立您的登入資料,並確保經常檢視您的控制面板,以查看申請進度。
探索此地點 APAC
70 多年來,The Walt Disney Company 一直為亞太地區的消費者提供娛樂,並豐富人們的生活。現今的消費者可在 APAC 地區的多個市場以豐富方式探索新品牌體驗。
相關工作
我們的文化
登記收取職缺通知
即時收到最新的工作機會的資訊。
分享
連結會在新分頁中開啟。