Job Posting Title:

Director, Content Security Engineering

Req ID:

10099674

Job Description:

Director, Content Security Engineering

The Walt Disney Studios includes Lucasfilm, Pixar, Walt Disney Animation, 20th Century Studios, Searchlight, Walt Disney Pictures, and Marvel Studios. The Content Security team supports these Studios by protecting and implementing a multi-faceted strategy of consulting, guidance, policy, risk assessments and technical capabilities. 

The Director, Content Security reports into the Vice President of Content Security at The Walt Disney Studios based in Glendale, CA and is responsible for supporting the securing of all creative content produced at the Walt Disney Studios.  The Director, Content Security Engineering will oversee the security assessment program which will cover both first-party and third-party applications and cloud environments.  Additionally, the Director, Content Security Engineering will oversee providing technical consulting and provide guidance on the secure implementation of technology solutions to enable the secure management of Studios’ pre-release content.

Overall responsibilities

Develop the strategy and manage key program execution including, but not limited to:

Application Security – Support internal development teams who build and engineer mission critical systems

3rd Party Application Security – Oversee and provide vendor security assessment services

Influence Engineering Roadmaps – work with development teams (both 1st and 3rd party) to influence their engineering roadmaps to prioritize content protection features and harden and mature existing features that would benefit Disney Studios’ mission of securing our content

Cloud Security – Heavy dependency on AWS.  Implement and oversee robust proactive monitoring and secure configuration program to ensure cloud usage remains secure, is workloads are deployed secure by default and any security deviations are detected and corrected in real time

Serve as a Subject Matter Expert providing technical guidance around security best practices encompassing applications, cloud infrastructure, and facilities

Partner with other internal security teams to deliver application security services that cover the entire Disney Studios application portfolio

Provide technical solutions, consulting, and recommendations to internal and external business units with an emphasis around secure network architecture, secure storage, secure data centers and hardening best practices

Drive the continued improvement of existing program-based documentation (e.g. standards, process, and communications)

Socialize security programs and initiatives internally and externally, including the development and delivery of executive-level presentations

Evaluate and test business processes / controls and identify areas of risk, and develop mitigation plans

Oversee day-to-day­­ teams' operation and performance

Monitor team performance and report on metrics to the Vice President

Lead security programs with an emphasis on digital security, physical security, reliability, information assurance, and related processes

Formally define baseline Studio security requirements by leading development of Application, Cloud and Facility Security frameworks

Manage all aspects of the evaluation lifecycle, including planning, fieldwork, reporting and archiving

Delegate tasks and set project deadlines

Apply current knowledge of IT trends and systems processes to identify security and risk management issues and opportunities for improvement

Work with internal assurance teams and business unit stakeholders to assess vendor evaluation strategy, cloud strategy, define objectives, and address technology-related controls risks and issues

Act as Application / Cloud Security subject matter expert to vendors and in-house personnel

Develop and deliver training materials and perform general security awareness and specific security technology training

Evaluate and recommend new and emerging security products and technologies

Willingness to travel up to 25% domestically and internationally

Experience and qualification

10+ years experience executing and then managing technical security assessment and risk functions for large heterogeneous environments

7+ years of experience in information security with emphasis in the following areas: security architecture, security engineering, system and network security, authentication and protocols, cryptography, and application security

4+ years of experience with cloud technologies

Advanced knowledge of cloud security and infrastructure environments for top tier cloud providers

Prior experience managing diverse and multi-location based technical teams required

Prior experience in the entertainment industry preferred

CISSP, CISM, or other security certifications preferred

Required skills

Broad technical skills in conducting security assessment against established security frameworks (e.g., ISO 17799/27002, PCI, MPAA)

Extremely strong communication, executive presence and emotional intelligence skills

Strong ability to convey technical issues to a less technical audience

Strong knowledge of common application vulnerabilities, with a proven track record of partnering with implementation teams on remediation

Broad technology expertise with application, system integration, data, infrastructure, and device management knowledge

Understanding of identity and access management fundamentals, including SSO protocols and multi-factor authentication solutions

Strong understanding of secure network principles of perimeter devices, servers, and workstations

LAN, WAN, TCP/IP connectivity and security protocols (Point-to-Point, MPLS, VPN)

Directory Services (e.g., Active Directory, Open Directory, LDAP)

Storage solutions (e.g., SAN, NAS, encrypted storage mechanisms)

Digital transfer tools (e.g., Aspera, Signiant)

OS hardening best practices for both servers and workstations

Understanding of incident investigation processes and techniques

Desired skills

Knowledge of studio IT systems, including production and post-productions environments

Thorough knowledge of feature film production and post-production industries, services, and workflows (e.g., DI, editing, visual/audio effects, encoding, on-set support)

Understand the security considerations of systems that leverage AI/ML, including generative AI

Experience working with or assessing media specific systems and content protection solutions (DRM, watermarking, encryption, streaming protocols, etc.)

Certifications in one or more of the following desired - AWS, CCNP, CISSP, CISM, CISA, GIAC, CEH, ITIL, VCP, VCAP

Experience in technical project management/leading large scale technology initiatives

Strong negotiation skills

Job Related Education

Bachelor's degree in computer science, Information Systems, IT Engineering, or a related field

Masters in one of the above or MBA desired

The hiring range for this position in Glendale, CA is $180,700.00 to $242,300.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

Job Posting Segment:

TWDSTECH

Job Posting Primary Business:

Technology-Content Protection

Primary Job Posting Category:

Security Engineering

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Glendale, CA, USA

Alternate City, State, Region, Postal Code:

Date Posted:

2024-08-30