company_logo

Full Time Job

Director, Content Security Engineering

Disney

Glendale, CA 08-30-2024
 
  • Paid
  • Full Time
  • Executive (10+ years) Experience
Job Description
Director, Content Security Engineering

The Walt Disney Studios includes Lucasfilm, Pixar, Walt Disney Animation, 20th Century Studios, Searchlight, Walt Disney Pictures, and Marvel Studios. The Content Security team supports these Studios by protecting and implementing a multi-faceted strategy of consulting, guidance, policy, risk assessments and technical capabilities.

The Director, Content Security reports into the Vice President of Content Security at The Walt Disney Studios based in Glendale, CA and is responsible for supporting the securing of all creative content produced at the Walt Disney Studios. The Director, Content Security Engineering will oversee the security assessment program which will cover both first-party and third-party applications and cloud environments. Additionally, the Director, Content Security Engineering will oversee providing technical consulting and provide guidance on the secure implementation of technology solutions to enable the secure management of Studios' pre-release content.
Overall responsibilities
• Develop the strategy and manage key program execution including, but not limited to:
• Application Security – Support internal development teams who build and engineer mission critical systems
• 3rd Party Application Security – Oversee and provide vendor security assessment services
• Influence Engineering Roadmaps – work with development teams (both 1st and 3rd party) to influence their engineering roadmaps to prioritize content protection features and harden and mature existing features that would benefit Disney Studios' mission of securing our content
• Cloud Security – Heavy dependency on AWS. Implement and oversee robust proactive monitoring and secure configuration program to ensure cloud usage remains secure, is workloads are deployed secure by default and any security deviations are detected and corrected in real time
• Serve as a Subject Matter Expert providing technical guidance around security best practices encompassing applications, cloud infrastructure, and facilities
• Partner with other internal security teams to deliver application security services that cover the entire Disney Studios application portfolio
• Provide technical solutions, consulting, and recommendations to internal and external business units with an emphasis around secure network architecture, secure storage, secure data centers and hardening best practices
• Drive the continued improvement of existing program-based documentation (e.g. standards, process, and communications)
• Socialize security programs and initiatives internally and externally, including the development and delivery of executive-level presentations
• Evaluate and test business processes / controls and identify areas of risk, and develop mitigation plans
• Oversee day-to-day­­ teams' operation and performance
• Monitor team performance and report on metrics to the Vice President
• Lead security programs with an emphasis on digital security, physical security, reliability, information assurance, and related processes
• Formally define baseline Studio security requirements by leading development of Application, Cloud and Facility Security frameworks
• Manage all aspects of the evaluation lifecycle, including planning, fieldwork, reporting and archiving
• Delegate tasks and set project deadlines
• Apply current knowledge of IT trends and systems processes to identify security and risk management issues and opportunities for improvement
• Work with internal assurance teams and business unit stakeholders to assess vendor evaluation strategy, cloud strategy, define objectives, and address technology-related controls risks and issues
• Act as Application / Cloud Security subject matter expert to vendors and in-house personnel
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Evaluate and recommend new and emerging security products and technologies
• Willingness to travel up to 25% domestically and internationally

Experience and qualification
• 10+ years experience executing and then managing technical security assessment and risk functions for large heterogeneous environments
• 7+ years of experience in information security with emphasis in the following areas: security architecture, security engineering, system and network security, authentication and protocols, cryptography, and application security
• 4+ years of experience with cloud technologies
• Advanced knowledge of cloud security and infrastructure environments for top tier cloud providers
• Prior experience managing diverse and multi-location based technical teams required
• Prior experience in the entertainment industry preferred
• CISSP, CISM, or other security certifications preferred

Required skills
• Broad technical skills in conducting security assessment against established security frameworks (e.g., ISO 17799/27002, PCI, MPAA)
• Extremely strong communication, executive presence and emotional intelligence skills
• Strong ability to convey technical issues to a less technical audience
• Strong knowledge of common application vulnerabilities, with a proven track record of partnering with implementation teams on remediation
• Broad technology expertise with application, system integration, data, infrastructure, and device management knowledge
• Understanding of identity and access management fundamentals, including SSO protocols and multi-factor authentication solutions
• Strong understanding of secure network principles of perimeter devices, servers, and workstations
• LAN, WAN, TCP/IP connectivity and security protocols (Point-to-Point, MPLS, VPN)
• Directory Services (e.g., Active Directory, Open Directory, LDAP)
• Storage solutions (e.g., SAN, NAS, encrypted storage mechanisms)
• Digital transfer tools (e.g., Aspera, Signiant)
• OS hardening best practices for both servers and workstations
• Understanding of incident investigation processes and techniques

Desired skills
• Knowledge of studio IT systems, including production and post-productions environments
• Thorough knowledge of feature film production and post-production industries, services, and workflows (e.g., DI, editing, visual/audio effects, encoding, on-set support)
• Understand the security considerations of systems that leverage AI/ML, including generative AI
• Experience working with or assessing media specific systems and content protection solutions (DRM, watermarking, encryption, streaming protocols, etc.)
• Certifications in one or more of the following desired - AWS, CCNP, CISSP, CISM, CISA, GIAC, CEH, ITIL, VCP, VCAP
• Experience in technical project management/leading large scale technology initiatives
• Strong negotiation skills

Job Related Education
• Bachelor's degree in computer science, Information Systems, IT Engineering, or a related field
• Masters in one of the above or MBA desired

The hiring range for this position in Glendale, CA is $180,700.00 to $242,300.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.



[more...]

Jobcode: Reference SBJ-d5ve6e-3-145-40-246-42 in your application.

Salary Details
Salary Range: $180,700 to $242,300 Per Year ($ USD)