Job Information
NBC Universal Engineer, IT Governance & Cybersecurity- Cloud in Orlando, Florida
Universal Orlando Resort believes in-person collaboration is key to our success. Many of our Team Members work in a hybrid capacity, contributing from the workplace a minimum of three days per week. There are also roles that require being on-site full time. Limited remote opportunities may be available within specific departments. You’ll learn more about this during the recruitment process.
JOB SUMMARY:
Responsible for all initiatives to support Universal Destinations and Experiences (UDX) Digital & Technology Cyber Governance & Compliance process as well as leadership of various security and risk management related initiatives. This position is focusing on cybersecurity, ensuring that products, systems, and processes meet our cybersecurity standards and regulatory requirements. This role involves a deep understanding of information security principles, data protection laws, and the technical aspects of cybersecurity and compliance.
MAJOR RESPONSIBILITIES:
Acts as a subject matter expert in Cyber Security Compliance systems by assisting Sr. Leadership in defining, administering, and maintaining policies and procedures for effective compliance management for all applicable IT related rules and regulations. Design and implement security related configurations using custom code such Powershell, bash, Python, or Ansible scripts on an enterprise level. Integrate security products into current environment for automated provisioning and deployment. Lead in the design of enterprise cloud infrastructure and services to ensure security requirements are met.
Creates automated systems and management processes for effective compliance reporting and remediation. Manage/administer security assets. Analyze, evaluate, and determine applicable security deficiencies and risks to web applications, databases, operating systems, network devices, and endpoint systems. Collaborate across various Information Technology (IT) teams to drive overall remediation/mitigation plans. Manage vulnerability management service provider to deliver infrastructure vulnerability management services. Identify, prioritize, report, and communicate security vulnerabilities to the Teams responsible for remediation. Determining vulnerability applicability based on the actual impact on the organization and provide actionable remediation guidance to the Teams.
Use automation platforms, such as Ansible Automation Platform, to provision security tools, sensors, and analytics. Automate security testing through custom scripts and orchestration platforms. Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans Integrate VM tools with ticketing system (e.g., Service-Now, JIRA etc.) Provide analytical key input to risk areas, vulnerabilities, remediation, and the network security posture. Automate vulnerability management processes to create efficiencies. Integrate VM scanning into CI/CD pipeline and container scanning processes. Provide governance over the Vulnerability Management Processes including writing and implementing VM standards, tracking vulnerability to closure, implementing long term controls to avoid the same vulnerabilities. Consolidate all vulnerabilities identified by various security tools into an orchestration platform.
Partner with internal security teams regarding ways to detect or block exploitation. Gain knowledge of Vulnerability Management industry standards, best practices & processes and apply them in the environment. Participates in risk assessment and risk management by working closely with the Change Incident Manager, Information Security and Project Managers to reduce incidents and minimize change risks of IT production environment and report situations of non-compliance. Analyze IT Security reports to identify trends and root cause analysis. Serve in a consultative role to ensure individuals are aware of compliance obligations and how to support compliant behavior and use of technology.
Understands and actively participates in Environmental, Health & Safety responsibilities by following established UO policy, procedures, training and team member involvement activities.
Performs other duties as assigned.
EDUCATION:
Bachelor’s degree in Computer Science or equivalent.
Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH)
or equivalent combination of education and experience.
EXPERIENCE:
5+ years with extensive experience working in IT with experience in a Security and Compliance with Vulnerability Management role that includes defining strategy, implementing new processes, project management, vendor, and contract management.
Extensive experience with hardware/software security lifecycle including regulations such as PCI, HIPAA, SOX etc.; ITIL Foundations preferred.
Web Proxy, IPS, IDS, VPN, Identity Management, Email/Spam filter and SIEM experience preferred.
Extensive knowledge and experience working with applicable data security and privacy practices and laws.
Your talent, skills and experience will be rewarded with a competitive compensation package.
Universal is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Universal Orlando via-email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Universal Orlando HR/Recruitment will be deemed the sole property of Universal Orlando. No fee will be paid in the event the candidate is hired by Universal Orlando as a result of the referral or through other means.
Universal Orlando Resort. Here you can.
Universal Orlando is an equal opportunity employer. Universal elements and all related indicia TM & © 2024 Universal Studios. All rights reserved. EOE