Overview
Senior Security Analyst Jobs in India at The Walt Disney Company
Title: Senior Security Analyst
Company: The Walt Disney Company
Location: India
JOB SUMMARY:
The Senior Security Analyst is primarily responsible for executing various information security control assessment procedures to support numerous compliance programs. The role will coordinate with security/compliance points of contact throughout the enterprise to confirm assessment scope, prepare/execute assessment procedures and prepare necessary reporting for internal or external stakeholders.
The role will specifically be supporting the Third-Party Risk Management function, performing controls assessments over third-party vendors providing services and products across different Disney business units. This includes helping to improve the overall effectiveness and efficiency of the assessment process.
In addition to supporting the Third-Party Risk Management function, this role will also help support various other compliance programs such as Sarbanes-Oxley, ISO27001, PCI DSS, etc.
REPORTING TO: Carin Ruiz
KEY RESPONSIBILITIES:
Support the Third-Party Risk Management Function
Execute third-party related due diligence assessments.
Coordinate assessment activities with internal business stakeholders and vendors.
Maintain KPIs on an ongoing basis.
Create and maintain necessary documentation related to the planning, execution, and reporting of assessments, correspondence, findings, and remediation plans in TWDC systems.
Contribute to the overall optimization of the third-party risk management function.
Support various other enterprise-wide information security compliance efforts, including, but not limited to:
Sarbanes-Oxley support in the form of internal control design and operating effectiveness testing.
Service Organization Controls (SOC) report reviews for key vendors.
ISO27001 / K-ISMS support in the form of risk assessment and consulting with control/process owners on remediation and ongoing monitoring.
PCI DSS support in the form of annual QSA audit management.
Perform ad-hoc customized control risk assessments to analyse information security and compliance risks. Work with various process/control owners to plan, execute, and report assessment results, including the documentation and monitoring of treatment and mitigation measures.
SKILLS & ATTRIBUTES FOR SUCCESS:
Excellent stakeholder management
Working knowledge of information security-related frameworks including, but not limited to, NIST, PCI DSS, ISO 2700x, SOC reporting (e.g., SSAE18, ISAE3402).
Working knowledge of cloud security and client-server architecture
Experience in the management of risk, controls, and compliance
Knowledge of risk assessment methodologies – qualitative/quantitative
Excellent analytical and problem-solving skills
Excellent presentation making and delivery skills
PREFERRED EDUCATION & EXPERIENCE:
Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experience.
3-5 years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monitoring
Minimum of 2 years in TPRM/Internal Audit/Risk.
Preferred experience with a large company and/or Big 4 accounting firm.
One or more credentials – CISA, CRISC, ISO27001 LA/LI, CISSP, CCSSP.
Experience in AI/ML and Cloud DevOps is a plus.