上海招聘

职位概述 Position Overview

创造神奇和提供无与伦比的度假体验离不开最前沿的技术，这也是华特迪士尼乐园及度假区成为最受青睐的旅游目的地的原因。华特迪士尼乐园及度假区技术（WDP&R Technology）将创新融入到个性化技术解决方案中，为全方位提升游客体验提供高质量应用程序及基础架构。

资深信息技术安全专员负责与信息技术团队合作，结合业务战略目标，实施安全准则，以保护信息资源机密性、完整性和可用性。该信息安全专员需在信息安全策略与标准、信息安全事件管理、信息安全意识培训和漏洞管理领域开展研究与指导工作。该信息安全专员将和各团队成员合作以确保项目和现有系统达到/符合指定级别的安全性、私密性和合规控制。

华特迪士尼乐园及度假区技术（WDP&R Technology）团队正在寻找具有远见卓识、丰富工作经验、渴望学习成长，致力于提供优质产品，享受与业务伙伴紧密合作，共同应对战略策略挑战的团队成员。

Technology is at the forefront of delivering the magic and enabling the unparalleled vacation experience that makes Walt Disney Parks & Resorts the most visited tourist destinations. The Walt Disney Park & Resort Technology (WDP&R Technology) team combines custom technology solutions with creativity to produce robust applications that enhance all aspects of the guest experience.

The Senior IT Security Specialist is responsible for collaborating with Information Technology teams to implement security requirements that protect the confidentiality, integrity, and availability of information resources while aligning with business goals and objectives. The IT Security Specialist provides research and guidance in the areas of security policies and standards, security incident management, security awareness training, and vulnerability management. This role works with team members to ensure projects and existing systems have the appropriate level of security, privacy, and compliance controls.

WDP&R Technology seeks forward-thinking team members with accomplished professional experience who are passionate about delivering a quality product, desire to learn and grow, and enjoy working closely with business partners on both strategic and tactical challenges.

主要职责Key Responsibilities

• 提早发现商业应用系统的安全性需求，并纳入到所有信息技术项目中。

  Attend in ensuring that application security requirements are identified early on and are being included in to all information technology projects.

• 参与和商业应用系统设计与架构的评审工作，从信息安全角度积极提供反馈。

  Attend design and application architectural reviews and actively provides feedback to the discussions from a security standpoint.

• 识别新的信息技术项目在信息安全方面的风险与需求。

  Identify security risks and requirements for new information technology projects.

• 制订信息安全测试计划并将其集成到软件开发生命周期中。

  Develop security test plans and integrate into the software development lifecycle.

• 执行、监督信息安全测试，指导相关信息技术团队对信息安全漏洞的补救工作。

  Perform/oversee security testing and direct information technology teams in the remediation efforts of security findings.

• 解释风险并权衡不同的补救方法。

  Explains risk and trade-offs in differing methods of remediation.

• 支持许可商业应用系统上线。

  Supports sign-off on application security prior to go-live implementation.

• 提供验证性证据、信息安全漏洞、补救建议和整体风险状况的书面报告，向技术团队和最终用户部门说明商业应用系统的信息安全状况。

  Provides written reports featuring validation evidence, exposure, remediation recommendations, and overall risk status, to explain security to both Technology teams and LOBs.

• 与第三方合作评估信息安全风险，推动信息安全设计与测试。

  Work with third party suppliers to conduct security risk assessments, promote secure design, and security testing.

• 作为信息专家参与公司信息安全应急响应项目。

  Participates as a subject matter expert in the company security incident response program.

• 与合规团队合作，协助合规性要求与调查。

  Work with the Parks & Resorts Compliance Team to support compliance requirements and investigations.

• 执行其它任务。

  Performs additional duties as assigned.

资格要求Required Qualifications

• 计算机科学学士学位或同等学历，具有信息系统管理或相关专业的信息安全认证（CISSP or CISA）。

  Bachelor's degree or equivalent in Computer Science, Management Information Systems or related field with an accompanying security accreditation (i.e., CISSP or CISA,).

• 3年以上信息安全相关经验。

  3+ years of information security experience.

• 3年以上信息安全风险评估与分析相关经验。

  3+ years of security risk assessment and/or risk analysis experience.

• 1年以上信息安全审计与合规验证相关经验。

  1+ years of experience with security auditing and/or security compliance validation.

• 具备信息安全相关的法律法规知识，熟识Sarbanes-Oxley法案、PCI和隐私法。

  Knowledge of security related legislation/regulations with emphasis on Sarbanes-Oxley, PCI, and privacy.

• 对信息安全领域具备高度热情，能持续跟进并跟上该领域的发展与趋势及研究方向。

  Ability to demonstrate aptitude, interest, and passion in keeping up with information security technical trends, research, and current development.

• 能对访客和公司网络进行评估并识别网络是否已被批准，以确保网络配置安全。定期或按需进行防火墙策略审核。

  Experience with performing Assessments of guest and corporate networks to identify approved and rogue wireless networks and ensure networks are configured securely as corporate standard. Review the firewall rules on regular or on demand basis.

• 具有漏洞管理、网络和主机入侵检测、反病毒和反间谍软件解决方案与检测的相关经验。

  Experience with vulnerability management, Network and Host-Based Intrusion Detection, antivirus, and anti-spyware solutions and monitoring processes.

• 拥有良好的英语书面和口头交流能力（演示、技术报告和提案）。

  Good communication in English, both oral and written (presentations, technical reports and proposals).

• 具备处理机密信息的能力。

  Demonstrated ability to handle confidential information

作为全球家庭娱乐业的领军企业之一，上海迪士尼度假区为我们的游客带来独具一格的服务和珍藏一生的记忆。加入我们，在这个充满奇幻、想像、创意和探险的全新世界里，为每年数以百万的度假区游客创造欢乐。无论您的迪士尼旅程走向台前还是幕后，您都拥有无限机遇。
As one of the worldwide leaders in family entertainment, Shanghai Disney Resort delivers legendary service and a lifetime of memories for our guests. Joining us in a new world of fantasy, imagination, creativity and adventure involves creating happiness for the millions of guests who visit our Resort each year. Whether your career journey here is onstage or backstage, there are almost unlimited opportunities for growth and personal development at Shanghai Disney.