Senior Security Engineer - GRC (Governance, Risk and Compliance)

Remote (India) /
01. Engineering – Security Engineering /
Full time
/ Remote
Disney+ Hotstar is leading the way as the largest and smartest video platform in the country, reaching over 300 million users today. We have set a number of world records along the way - including for the highest concurrent viewership at 25.3 million during the ICC Cricket World Cup 2019. Disney+ Hotstar today is the one-stop destination for all your entertainment needs - from Live Sports, Indian and International Shows and Movies to all Disney content, including Pixar, Marvel, Star Wars, National Geographic and Disney+ Originals. We’re looking for the brightest minds to build the future of TV with us. 
About the Role  

The GRC lead should ensure the existence of appropriate security governance within the cloud and internally controlled environments (policy, procedures, baselines and monitoring assessment of required security controls, and testing of adherence to required policies, procedures and monitoring. Our team members are given a great deal of autonomy in the pursuit of keeping Hotstar secure. He/She will collaborate with other members of the Security, Engineering, Legal and IT teams to for security compliance requirements (SOX, PCI, GDPR, NIST, etc) and define appropriate and effective information security controls and will work with the various business units to implement them. You will also be responsible for conducting 3rd party vendor security reviews of our partners when appropriate to ensure that we evaluate our vendors securely and in support of the business. Finally, you will be responsible for operating and maintaining our Security Awareness program, which involves both partnering with People & Culture on the training. You will drive efforts to prototype, implement, test, deploy and maintain new automated processes to meet compliance requirements. . He/She should be able to define right metrics, monitor and improve on regular basis.

We’re looking specifically for GRC practitioners who place an emphasis on practical security
The pace of our growth is incredible – if you want to tackle hard and interesting problems at scale, and create an impact within an entrepreneurial environment, join us!

Your Key Responsibilities

    • At least 5+ years in Security, preferably in GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc)
    • Strong ability to drive multiple workstreams in parallel within GRC
    • Strong written and spoken communication skills when responding to external requests
    • Strong partnership and soft skills to influence outside of the Security organization to drive a culture of Security
    • Define metrics to track program progress and maturity for various stakeholders.
    • Improve controls for internal systems, processes, and policies.
    • Collaborate with internal teams and external auditors throughout compliance assessments.
    • Understand technical implementation details necessary to assess general and situational Information Security risk.
    • Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions.
    • Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
    • Develop long-term objectives of how we will evolve privacy controls while delivering on immediate priorities.
    • Provide robust assurance of the operational effectiveness of our compliance controls.
    •  Develop and track towards the overall mission and GRC Roadmap
    • Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53)
    • Understanding of common vendor risks and common vendor attestations (SSAE16, SOC2, SIG-Full/Lite)
    • Understanding of security best practices (Password security, device security etc) in the context of Security Training and Awareness

What to Bring

    • Experience in technical concepts similar to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
    • Experience in Information Security policy development and risk management at tech companies.
    • Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
    • Demonstrated leadership experience working and communicating at executive levels.
    • Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
    • Conceptual, critical thinking, and sound judgment with strategic orientation and experience performing tactically.
    • Experience providing technical knowledge appropriate to delivery of security protections.
    • 3-5 years of Compliance, Security or IT Audit experience preferably in a cloud environment.
    • SOX ITGC, HIPAA, GDPR, PCI, ISO 27K experience a plus
    • Effective negotiating and problem solving skills.
    • Experience working with Internal and External Audit teams
    • Proactive and detail orientated team player.

Preferred Skills

    • Advanced security certifications like CISM, CISA, CISSP-ISSMP preferred
    • Experience with a large company and/or Big 4 accounting firmExperience in influencing across all levels of the organization.
    • Excellent project management skills.
    • Eagerness to learn new things and discover emerging and new data trends.
Our Values
- We are customer obsessed
- We are audacious in vision and action
- We encourage honesty and open dialogue
- We respect everyone and every point of view
- We make objective and data-driven decisions
- We believe trust and accountability go hand-in-hand
- We invest in each other's growth
- We bring our A-game and nothing else
- We take charge and get it done

The Perks
- The glory. Almost too much responsibility. 
- No dress code. Unlimited leave.
- A fun-life balance. 
- A ticket on our rocket ship to the moon.  🚀

Who we are as an employer
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.

Who we are as a company 
We’re Disney+ Hotstar. The go-to destination for over 300 million users for everything from Live Sports, Indian and International Shows and Movies to all Disney content, including Pixar, Marvel, Star Wars, National Geographic and Disney+ originals. Our mission is to revolutionize internet entertainment through smart personalization, and by building a global video platform that takes over the world wide web and the whole wide world. 

To learn more about our team, check out the following blogs :