Universal Orlando Resort believes in-person collaboration is key to our success. Many of our Team Members work in a hybrid capacity, contributing from the workplace a minimum of three days per week. There are also roles that require being on-site full time. Limited remote opportunities may be available within specific departments. You’ll learn more about this during the recruitment process.

JOB SUMMARY: Responsible for all initiatives to support Universal Destinations and Experiences (UDX) Digital & Technology Cyber Governance & Compliance process as well as leadership of various security and risk management related initiatives. Focusing on cybersecurity, ensuring that products, systems, and processes meet our cybersecurity standards and regulatory requirements. This role involves a deep understanding of information security principles, data protection laws, and the technical aspects of cybersecurity and compliance

MAJOR RESPONSIBILITIES:

• Creates automated systems and management processes for effective compliance reporting and remediation. Manage/administer security assets. Analyze, evaluate, and determine applicable security deficiencies and risks to web applications, databases, operating systems, network devices, and endpoint systems. Collaborate across various Information Technology (IT) teams to drive overall remediation/mitigation plans. Manage vulnerability management service provider to deliver infrastructure vulnerability management services. Identify, prioritize, report, and communicate security vulnerabilities to the Teams responsible for remediation. Determining vulnerability applicability based on the actual impact on the organization and provide actionable remediation guidance to the Teams.
• Build and leverage relationships to influence IT Teams to patch their vulnerabilities and increase their vulnerability awareness and adoption. Select, architect, implement and run Vulnerability Management technologies. Integrate VM tools with ticketing system (e.g., Service-Now, JIRA etc.) Provide analytical key input to risk areas, vulnerabilities, remediation, and the network security posture.
  Automate vulnerability management processes to create efficiencies. Integrate VM scanning into CI/CD pipeline and container scanning processes. Provide governance over the Vulnerability Management Processes including writing and implementing VM standards, tracking vulnerability to closure, implementing long term controls to avoid the same vulnerabilities. Consolidate all vulnerabilities identified by various security tools into an orchestration platform.
• Acts as a subject matter expert in Cyber Security Compliance systems by assisting Sr. Leadership in defining, administering, and maintaining policies and procedures for effective compliance management for all applicable IT related rules and regulations. Assist Lead with vulnerability and patch management efforts that include managing the vulnerability management tools, network asset scanning, and remediation efforts that include vulnerability prioritization and action plans, mitigation activities, and active communication to stakeholders.
• Partner with internal security teams (Threat Intel, Forensics, Incident Response, GRC, etc.) regarding ways to detect or block exploitation. Gain knowledge of Vulnerability Management industry standards, best practices & processes and apply them in the environment. Participates in risk assessment and risk management by working closely with the Change Incident Manager, Information Security and Project Managers to reduce incidents and minimize change risks of IT production environment and report situations of non-compliance. Analyze IT Security reports to identify trends and root cause analysis. Serve in a consultative role to ensure individuals are aware of compliance obligations and how to support compliant behavior and use of technology. Escalate compliance concerns timely and effectively to business line management.
• Understands and actively participates in Environmental, Health & Safety responsibilities by following established UO policy, procedures, training and team member involvement activities.
• Performs other duties as assigned.

EDUCATION:

• Bachelor’s degree in Computer Science or equivalent.
• Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH)

EXPERIENCE:

• 5+ years with extensive experience working in IT with experience in a Security and Compliance with Vulnerability Management role that includes defining strategy, implementing new processes, project management, vendor and contract management.
• Extensive experience with hardware/software security lifecycle including regulations such as PCI, HIPAA, SOX etc.; ITIL Foundations preferred.
• Web Proxy, IPS, IDS, VPN, Identity Management, Email/Spam filter and SIEM experience preferred.
• Extensive knowledge and experience working with applicable data security and privacy practices and laws.
• Understanding of controls (e.g., access control, auditing, authentication, encryption, integrity, physical security, and application security).
• Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
• Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems. Host Based Security Systems, patch management.
• Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web application Firewalls (WAF).
• Ability to provide quality deliverables on time and on budget.
• Experience in using remediation tools.
• Well versed with scanning tools to perform regular scans, assessments to identify vulnerabilities in systems.
• Knowledge of various security technologies such as SIEM, firewalls, proxies, network, DLP, etc.
• Strong communication and interpersonal skills to collaborate effectively with cross functional teams.
• Overtime hours may be required to meet project deadline.
• ; or equivalent combination of education and experience.

Your talent, skills and experience will be rewarded with a competitive compensation package.

Universal Orlando Resort. Here you can.

Universal Orlando is an equal opportunity employer. Universal elements and all related indicia TM & © 2024 Universal Studios. All rights reserved. EOE