商业架构经理 100-120万

Technology is at the forefront of delivering the magic and enabling the unparalleled vacation experience that makes Walt Disney Parks & Resorts the most visited tourist destinations.  The Walt Disney Park & Resort Technology (WDP&R Technology) team combines custom technology solutions with creativity to produce robust applications that enhance all aspects of the guest experience.
The IT Security Manager is responsible for collaborating with Information Technology teams to implement security requirements that protect the confidentiality, integrity, and availability of information resources while aligning with business goals and objectives.  The manager provides research and guidance in the areas of security policies and standards, security incident management, security awareness training, and vulnerability management.  This role works with team members to ensure projects and existing systems have the appropriate level of security, privacy, and compliance controls.
WDP&R Technology seeks forward-thinking team members with accomplished professional experience who are passionate about delivering a quality product, desire to learn and grow, and enjoy working closely with business partners on both strategic and tactical challenges.
主要职责Key Responsibilities
提早发现商业应用系统的安全性需求，并纳入到所有信息技术项目中。
Take the lead in ensuring that application security requirements are identified early on and are being included in to all information technology projects.
参与和商业应用系统设计与架构的评审工作，从信息安全角度积极提供反馈。
Attend design and application architectural reviews and actively provides feedback to the discussions from a security standpoint.
识别新的信息技术项目在信息安全方面的风险与需求。
Identify application security risks and requirements for new information technology projects.
制订信息安全测试计划并将其集成到软件开发生命周期中。
Develop security test plans and integrate into the software development lifecycle.
执行、监督信息安全测试，指导相关信息技术团队对信息安全漏洞的补救工作。
Perform/oversee security testing and direct information technology teams in the remediation efforts of security findings.
解释风险并权衡不同的补救方法。
Explains risk and trade-offs in differing methods of remediation.
支持许可商业应用系统上线。
Supports sign-off on application security prior to live implementation.
提供验证性证据、信息安全漏洞、补救建议和整体风险状况的书面报告，向管理层和技术团队说明商业应用系统的信息安全状况。
Provides written reports featuring validation evidence, exposure, remediation recommendations, and overall risk status, to explain security to both executive management and technical teams.
与第三方合作评估信息安全风险，推动信息安全设计与测试。

中国规模最大的现代服务业中外合作项目之一