Universal Orlando Resort believes in-person collaboration is key to our success. Many of our Team Members work in a hybrid capacity, contributing from the workplace a minimum of three days per week. There are also roles that require being on-site full time. Limited remote opportunities may be available within specific departments. Youβll learn more about this during the recruitment process.
JOB SUMMARY:
Responsible for all initiatives to support Universal Destinations and Experiences (UDX) Digital & Technology Cyber Governance & Compliance process as well as leadership of various security and risk management related initiatives. This position is focusing on cybersecurity, ensuring that products, systems, and processes meet our cybersecurity standards and regulatory requirements. This role involves a deep understanding of information security principles, data protection laws, and the technical aspects of cybersecurity and compliance.
MAJOR RESPONSIBILITIES:
- Acts as a subject matter expert in Cyber Security Compliance systems by assisting Sr. Leadership in defining, administering, and maintaining policies and procedures for effective compliance management for all applicable IT-related rules and regulations. Design and implement security related configurations using custom code such Powershell, bash, Python, or Ansible scripts on an enterprise level. Integrate security products into current environment for automated provisioning and deployment.
- Analyze, design, and program software enhancements for new data streams with the aim of developing technical solutions and systems to mitigate privacy vulnerabilities and prevent potential future privacy risks. Develop and maintain documentation on privacy impact assessments, data protection procedures, and compliance measures. Assist with the management of data privacy, data protection, data usability, performance, and the integrity of the privacy solution. Conduct regular system audits to ensure compliance with the latest industry standards and regulatory requirements. Work closely with the IT and development teams to integrate privacy-preserving technologies into product designs and architecture.
- Conduct regular system audits to ensure compliance with the latest industry standards and regulatory requirements. Use automation platforms, such as Ansible Automation Platform, to provision security tools, sensors, and analytics. Automate security testing through custom scripts and orchestration platforms. Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans Integrate VM tools with ticketing system (e.g., Service-Now, JIRA etc.). Provide analytical key input to risk areas, vulnerabilities, remediation, and the network security posture. Automate vulnerability management processes to create efficiencies. Integrate VM scanning into CI/CD pipeline and container scanning processes. Provide governance over the Vulnerability Management Processes including writing and implementing VM standards, tracking vulnerability to closure, implementing long term controls to avoid the same vulnerabilities. Consolidate all vulnerabilities identified by various security tools into an orchestration platform.
- Partner with internal security teams regarding ways to detect or block exploitation. Gain knowledge of on the latest developments in information security, privacy laws, and technologies best practices & processes and apply them in the environment. Participates in risk assessment and risk management by working closely with the Change Incident Manager, Information Security and Project Managers to reduce incidents and minimize change risks of IT production environment and report situations of non-compliance. Analyze IT Security reports to identify trends and root cause analysis. Serve in a consultative role to ensure individuals are aware of compliance obligations and how to support compliant behavior and use of technology.
- Understands and actively participates in Environmental, Health & Safety responsibilities by following established UO policy, procedures, training and team member involvement activities.
- Performs other duties as assigned.
EDUCATION:
- Bachelorβs degree in Computer Science or equivalent or CIPT.
- Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH)
- or equivalent combination of education and experience.
EXPERIENCE:
- 5+ years with extensive experience working in IT with experience in a Security and Compliance with Vulnerability Management role that includes defining strategy, implementing new processes, project management, vendor and contract management.
- Extensive experience with hardware/software security lifecycle including regulations such as PCI, HIPAA, SOX etc.; ITIL Foundations preferred.
- Web Proxy, IPS, IDS, VPN, Identity Management, Email/Spam filter and SIEM experience preferred.
- Extensive knowledge and experience working with applicable data security and privacy practices and laws.
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
- Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
- Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems. Host Based Security Systems, patch management.
- Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web application Firewalls (WAF).
- Ability to provide quality deliverables on time and on budget.
- Experience in using remediation tools.
- Well versed with scanning tools to perform regular scans, assessments to identify vulnerabilities in systems.
- Knowledge of various security technologies such as SIEM, firewalls, proxies, network, DLP, etc
- Strong communication and interpersonal skills to collaborate effectively with cross functional teams.
- Overtime hours may be required to meet project deadline
- Experience in cloud or highly-virtualized environments, such as Amazon Web Services, Microsoft Azure, VMWare ESXi, Nutanix, etc.
- Experience creating scripts to implement and automate system deployment and configurations is required for consideration for this position.
- ; or equivalent combination of education and experience.
Β
Your talent, skills and experience will be rewarded with a competitive compensation package.
Universal is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Universal Orlando via-email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Universal Orlando HR/Recruitment will be deemed the sole property of Universal Orlando. No fee will be paid in the event the candidate is hired by Universal Orlando as a result of the referral or through other means.
Universal Orlando Resort. Here you can.