Crux For Technical Talent

Build Your Career in Cybersecurity - YOUR WAY

01. Contract/fractional
Want flexibility and variety? Indicate your target areas of work and your availability, and we will match you with opportunities.
You name your own bill rate. You control what you make.
02. Contract to hire
Sometimes it makes sense both ways to 'try before you buy.' We will match you up with opportunities that allow you to get to know a company and the people before committing to a full-time role.
03. Full time
Get matched with full-time job opportunities via our job board and proprietary roles that we are recruiting for.

How it works

01. Join Crux
02. Help us get to know you
03. Access jobs custom tailored to you
04. Receive ongoing career resources and guidance
05. Find work you love

Recent Jobs

Managing Director Americas Head of Information Security
BNP Paribas
State: New Jersey
Remote Elig.: On-site
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 290.00 - 350

Chief Information Security Officer
Trupanion
State: Washington
Remote Elig.: Hybrid
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 200.00 - 250

Deputy CISO
New Relic
State: Oregon
Remote Elig.: Hybrid
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 202.00 - 252

State: Texas
Remote Elig.: Remote
Seniority: Experienced
Domain: Incident response
Salary ($K): 80 - 130
Investigate

Why you should join our At-Bay Security team:

At-Bay is a fast-growth InsurSec company (Insurance x Cybersecurity) on a mission to bring innovative products to the market that help protect small businesses from digital risks. As an InsurSec provider, we uniquely combine insurance with mission-critical security technologies, threat intelligence, and human expertise, to bridge the critical security capability gap that exists among SMBs in the community. We believe InsurSec is an $80B market opportunity and we are excited to expand our DFIR team in order to help expand our reach and influence in the business and security community, of which we serve 35,000 customers.

With At-Bay, our customers experience fewer ransomware attacks. This is just the tip of the iceberg!

  • Forensically sound collection, transmission, and storage of digital evidence
  • Analysis of digital evidence to identify indicators of compromise and adversary activity
  • Development of incident timelines and theories of compromise
  • Identification of incident root causes
  • Participation in threat actor negotiations as necessary (e.g., ransom negotiations, etc.)
  • Participation in incident recovery (e.g., restoration of data from backups, reimaging workstations and servers, rebuilding network infrastructure, etc.) activities as necessary
  • Development and delivery of incident reports to document key incident details for engagement stakeholders including executive leaders for insureds, breach coach attorneys, and At-Bay claims management staff as necessary
  • Development and delivery of recommendations to mitigate the risk of future incidents for impacted insureds
  • Development and delivery of incident response training and simulations for targeted insureds

Required Qualifications:

  • Bachelor’s degree or equivalent
  • Minimum of 2 years of experience in cybersecurity operations, incident response, incident recovery, or another security discipline
  • Willingness to travel as needed to perform job functions

Preferred Qualifications:

  • Significant undergraduate or graduate coursework in computer science, computer engineering, information systems, or cybersecurity
  • Previous background in law enforcement or government/military with experience leading complex technical investigations
  • Knowledge of cloud environments, including knowledge of cloud security products and services offered by major cloud service providers (e.g., AWS, Azure, Google)
  • Experience in a top-10 cyber consulting firm or leading DFIR provider preferred
  • One or more industry cybersecurity certifications (e.g., GCIH, Security+, CISSP, etc.)

Our estimated base pay range for this role is $80,000-$130,000 per year. Base salary is determined by a variety of factors including but not limited to market data, location, internal equitability, domain knowledge, experiences and skills. In general, if the position sparks your interest we encourage you to apply - our team prioritizes talent.

State: Connecticut
Remote Elig.: Remote
Seniority: Senior
Domain: Governance, Risk & compliance
Salary ($K): Not disclosed
Oversee and Govern

Job Summary:

The Cybersecurity Regulatory and Compliance Lead will be responsible for facilitating compliance with our global regulations, including developing, implementing, and managing the organization’s Cybersecurity compliance programs. This role involves ensuring adherence to relevant laws, regulations, and standards, conducting risk assessments, and providing guidance on best practices to mitigate security risks.

  • Develop and maintain comprehensive Cybersecurity regulatory and compliance programs.
  • Monitor and interpret regulatory requirements and industry standards.
  • Stay updated on the latest Cybersecurity regulatory and compliance changes.
  • Manage all regulatory, compliance and client commitments in a single view.
  • Conduct regular risk assessments and audits to ensure compliance with regulations.
  • Identify compliance gaps and develop roadmaps to achieve compliance with regulations.
  • Collaborate with internal teams to implement security controls and policies.
  • Provide expertise on international regulatory frameworks such as NY DFS and DORA.
  • Maintain documentation and reporting related to regulatory and compliance matters.
  • Liaise with external auditors, regulatory agencies and client requests as needed.
  • Ensure compliance with global regulations, including DORA (Digital Operational Resilience Act), BaFin (German Federal Financial Supervisory Authority), and NY DFS (New York Department of Financial Services).

Required Qualifications:

  • Minimum of 10 years of experience in Cybersecurity compliance and regulatory roles.
  • In-depth knowledge of relevant laws, regulations, and standards (e.g., GDPR).
  • Experience with global regulatory frameworks, including DORA, BaFin, and NY DFS.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Detail-oriented with strong organizational skills.
  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent.

Preferred Qualifications:

  • Master’s degree in Cybersecurity or a related field preferred.
  • Experience with security frameworks such as NIST, CRI or COBIT.
  • Familiarity with cloud security and emerging technologies.
  • Development background.

NA

State: California
Remote Elig.: On-site
Seniority: Experienced
Domain: Identity & access management
Salary ($K): 115 - 161
Oversee and Govern

Who We Are

The Identity Cyber Process, Governance & Administration team is one of the primary functional teams under the enterprise-supporting Identity and Access Management (IAM) organization within Enterprise Technology. This team is accountable and essential for the security and governance of the core identity services across the organization, including Secrets Management and Privileged Access Management (PAM). Specifically, this team’s mission is to define, deliver, enforce and administer policies, standards, controls, platforms, and security practices for workforce identity across The Walt Disney Company (TWDC) to reduce security risk and enable IAM service effectiveness.

What You Will Do

We Are Hiring a Secrets Management Governance Lead - Identity and Access Management!

You will be responsible for driving forward all cyber process, governance, and administration initiatives around the enterprise Secrets Management program and enterprise PAM solution, which includes governance around secret scanning and storage, security of the enterprise PAM solution, secrets solutions configuration management, and timely securing of secrets enterprise wide.

This role will serve as a large contributor to both the Secrets Management and PAM strategies and roadmaps as the dedicated Governance Lead, driving forward program objectives, and executing on key initiatives to meet these objectives. This role requires partnerships with various service teams in Global Information Security (GIS), segment Information Security Officer (ISO) teams, GIS Governance, Legal, and various product or service teams managing the PAM solution and secrets management ecosystem (e.g., scanning solutions, secrets storage solutions, etc.) to effectively drive direction in these programs and remediate exposed gaps.

  • Engage across the company with strategic partners as the enterprise-wide Governance Lead for the Secrets Management and PAM service.
  • Own the majority of executive and business partner communications on risk reporting for the Secrets Management and PAM service, including to segment security teams, internal audit teams, etc.
  • Act as a SME in driving improvements towards risk reduction to the overall Secrets Management and PAM service. Gain buy-in from key stakeholders for program success.
  • Manage multiple competing tasks/responsibilities simultaneously, including program roadmap advancement and oversight, engagement with customers, intra-team coordination and collaboration, stakeholder reporting, etc.
  • Provide knowledge of TWDC information security and regulatory policies and standards in the areas of secrets management and PAM.

Must Have

  • Minimum of 5+ years’ experience with hands-on Secrets Management including scanning and vaulting platforms, secrets remediation, and risk reduction reporting
  • Direct experience with securing exposed secrets and assisting in further refining scanning results
  • Strong knowledge of Privileged Access Management (PAM) solutions and governance processes
  • Experience partnering on technical risk assessments, performing advanced data analytics, facilitating compliance evaluations
  • Experience driving governance methodologies, creating technical standards, designing visual dashboard/reporting mechanisms, and formulating risk remediation strategies
  • Prior working experience in assessing and reviewing configurations of various secrets scanning solutions.
  • This is a highly autonomous role, and you will need to solve common secrets management and PAM gaps
  • Familiarity with various secrets management solutions, such as GitGuardian, ArmorCode, cloud scanning solutions, and vaulting solutions (e.g., HashiCorp, AWS Secrets Manager, Azure Key Vault, etc.)

Nice-to-Have

  • CISSP certification

Education

  • Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this position in New York City and Seattle, WA is $120,300-$161,300 per year and in California is $114,900-$154,100 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
