Director, Content Security Engineering
The Walt Disney Studios includes Lucasfilm, Pixar, Walt Disney Animation, 20th Century Studios, Searchlight, Walt Disney Pictures, and Marvel Studios. The Content Security team supports these Studios by protecting and implementing a multi-faceted strategy of consulting, guidance, policy, risk assessments and technical capabilities.
The Director, Content Security reports into the Vice President of Content Security at The Walt Disney Studios based in Glendale, CA and is responsible for supporting the securing of all creative content produced at the Walt Disney Studios. The Director, Content Security Engineering will oversee the security assessment program which will cover both first-party and third-party applications and cloud environments. Additionally, the Director, Content Security Engineering will oversee providing technical consulting and provide guidance on the secure implementation of technology solutions to enable the secure management of Studios’ pre-release content.
Overall responsibilities
Develop the strategy and manage key program execution including, but not limited to:
Application Security – Support internal development teams who build and engineer mission critical systems
3rd Party Application Security – Oversee and provide vendor security assessment services
Influence Engineering Roadmaps – work with development teams (both 1st and 3rd party) to influence their engineering roadmaps to prioritize content protection features and harden and mature existing features that would benefit Disney Studios’ mission of securing our content
Cloud Security – Heavy dependency on AWS. Implement and oversee robust proactive monitoring and secure configuration program to ensure cloud usage remains secure, is workloads are deployed secure by default and any security deviations are detected and corrected in real time
Serve as a Subject Matter Expert providing technical guidance around security best practices encompassing applications, cloud infrastructure, and facilities
Partner with other internal security teams to deliver application security services that cover the entire Disney Studios application portfolio
Provide technical solutions, consulting, and recommendations to internal and external business units with an emphasis around secure network architecture, secure storage, secure data centers and hardening best practices
Drive the continued improvement of existing program-based documentation (e.g. standards, process, and communications)
Socialize security programs and initiatives internally and externally, including the development and delivery of executive-level presentations
Evaluate and test business processes / controls and identify areas of risk, and develop mitigation plans
Oversee day-to-day teams' operation and performance
Monitor team performance and report on metrics to the Vice President
Lead security programs with an emphasis on digital security, physical security, reliability, information assurance, and related processes
Formally define baseline Studio security requirements by leading development of Application, Cloud and Facility Security frameworks
Manage all aspects of the evaluation lifecycle, including planning, fieldwork, reporting and archiving
Delegate tasks and set project deadlines
Apply current knowledge of IT trends and systems processes to identify security and risk management issues and opportunities for improvement
Work with internal assurance teams and business unit stakeholders to assess vendor evaluation strategy, cloud strategy, define objectives, and address technology-related controls risks and issues
Act as Application / Cloud Security subject matter expert to vendors and in-house personnel
Develop and deliver training materials and perform general security awareness and specific security technology training
Evaluate and recommend new and emerging security products and technologies
Willingness to travel up to 25% domestically and internationally
Experience and qualification
10+ years experience executing and then managing technical security assessment and risk functions for large heterogeneous environments
7+ years of experience in information security with emphasis in the following areas: security architecture, security engineering, system and network security, authentication and protocols, cryptography, and application security
4+ years of experience with cloud technologies
Advanced knowledge of cloud security and infrastructure environments for top tier cloud providers
Prior experience managing diverse and multi-location based technical teams required
Prior experience in the entertainment industry preferred
CISSP, CISM, or other security certifications preferred
Required skills
Broad technical skills in conducting security assessment against established security frameworks (e.g., ISO 17799/27002, PCI, MPAA)
Extremely strong communication, executive presence and emotional intelligence skills
Strong ability to convey technical issues to a less technical audience
Strong knowledge of common application vulnerabilities, with a proven track record of partnering with implementation teams on remediation
Broad technology expertise with application, system integration, data, infrastructure, and device management knowledge
Understanding of identity and access management fundamentals, including SSO protocols and multi-factor authentication solutions
Strong understanding of secure network principles of perimeter devices, servers, and workstations
LAN, WAN, TCP/IP connectivity and security protocols (Point-to-Point, MPLS, VPN)
Directory Services (e.g., Active Directory, Open Directory, LDAP)
Storage solutions (e.g., SAN, NAS, encrypted storage mechanisms)
Digital transfer tools (e.g., Aspera, Signiant)
OS hardening best practices for both servers and workstations
Understanding of incident investigation processes and techniques
Desired skills
Knowledge of studio IT systems, including production and post-productions environments
Thorough knowledge of feature film production and post-production industries, services, and workflows (e.g., DI, editing, visual/audio effects, encoding, on-set support)
Understand the security considerations of systems that leverage AI/ML, including generative AI
Experience working with or assessing media specific systems and content protection solutions (DRM, watermarking, encryption, streaming protocols, etc.)
Certifications in one or more of the following desired - AWS, CCNP, CISSP, CISM, CISA, GIAC, CEH, ITIL, VCP, VCAP
Experience in technical project management/leading large scale technology initiatives
Strong negotiation skills
Job Related Education
Bachelor's degree in computer science, Information Systems, IT Engineering, or a related field
Masters in one of the above or MBA desired
The hiring range for this position in Glendale, CA is $180,700.00 to $242,300.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
#J-18808-Ljbffr