Lead Security Governance Manager

On any given day at Disney Entertainment & ESPN Technology, we're reimagining ways to create magical viewing experiences for the world's most beloved stories while also transforming our media business for the future. Whether that's evolving our streaming and digital products in new and immersive ways, powering worldwide advertising and distribution to enhance flexibility and efficiency, or delivering Disney's unmatched entertainment and sports content, every day is a moment to make a difference to partners and to hundreds of millions of people around the world.

A few reasons why we think you'd love working here:

• Building the future of Disney's media: DE&E Technologists are designing and building the infrastructure that will power our media, advertising, and distribution businesses for years to come.
• Reach & Scale: The products and platforms this group builds and operates delight millions of consumers every minute of every day - from Disney+ and Hulu, to ABC News and Entertainment, to ESPN and ESPN+, and much more.
• Innovation: We develop and implement groundbreaking products and techniques that shape industry norms and enhance how audiences experience sports, entertainment & news.

Content Operations is ultimately responsible for successfully delivering entertainment and sports content to millions of people every day. This involves developing, operating, and leading a global content supply chain - the myriad of steps involved from taking a finalized TV show/movie, or live piece of content, from inside Disney to audiences around the globe, in their preferred language and format. This team also leads technology operations in Latin America, Europe and Asia Pacific.

The Content Platforms' Content Protection team is looking for a Lead Security Governance Manager to play an influential role in the evaluation and assessment of the vital technology we need to distribute and protect our content. You may be challenged to creatively apply your content protection expertise to rare and complex aspects of distribution agreements with third party licensees. You must also have the ability to operate independently, proactively, and cross-functionally with technical and non-technical teams across the company.

As a Lead Security Governance Manager, you will have the opportunity to deep dive into the content distribution deal negotiation process as well as influence and evolve the content protection policies adopted by TWDC. Your responsibilities include supporting content security reviews for 3rd party distribution deals, identifying and evaluating emerging media distribution platforms and consumption devices, supporting piracy intelligence investigations, and maintaining a "tear down" lab. You may also represent TWDC in select industry forums and consortiums.

• Support distribution deals across worldwide distribution channels from a security technology standpoint, in particular as it relates to consumer experience, content protection, and future distribution trends
• Review licensee Technical Questionnaires and follow up as needed
• Hands-on evaluations of third-party media distribution solutions, including streaming video solutions, cable interactive frameworks, IPTV middleware platforms, and physical media
• Hands-on evaluations of new consumer devices, including set top boxes, mobile phones, and media application frameworks
• Hands-on evaluations of content protection solutions, including watermarking, fingerprinting, CAS, DRM, and encryption schemes
• Hands-on evaluations of chipsets components, including CPUs, GPUs, hybrid architectures, and mobile chipsets
• Participate in security reviews, threat modeling, and incident response investigations
• Perform audits such as VPN and geo-filtering effectiveness testing, vulnerability testing on platforms, devices, plug-ins and DRM implementations and effectively communicate results to both technical and non-technical stakeholders
• Design and maintain test cases, scripts and custom test tools for evaluations and VPN testing
• Investigate piracy incidents and collaborate with internal teams to identify source of piracy and block accounts/devices.
• Participates in standard-setting and regulatory activities such as AACS, BDA, DTLA, DCP, DCI, W3C, DVB, China DRM
• Keep technical and non-technical stakeholders abreast of trends, emerging products, delivery solutions, and content protection solutions
• Evaluate and provide security insights on consumer devices, including set top boxes, mobile phones, media application frameworks
• Translate trends into impacts to the current and future business in terms of product offerings, consumer experience and expectations, as well as distribution strategy
• Collaborate closely and effectively with other technology teams across TWDC

Minimum Qualification

• Strong understanding of content protection CAS and DRM solutions ((e.g. Google Widevine, Apple FairPlay Streaming, Microsoft PlayReady, Verimatrix, Nagra, OMA, etc.)), network protocols, delivery platforms, home networking protocols, encryption, digital audio/video, IP-delivered media and all forms of consumer media platforms;
• Strong understanding of mobile operating systems and security environments (iOS/Android).Skilled understanding of Digital Rights Management (DRM) based systems (e.g., Google Widevine, Microsoft PlayReady, Apple FairPlay, etc.).
• Knowledge of video distribution systems (OTT, Cable, Satellite, IPTV, etc.) and consumer devices
• Demonstrated the ability to perform hands-on technology and platforms evaluations;
• Technical expertise in encryption and authentication protocols, and their implementation;
• Experience with information security research, software and/or hardware interrogation, and familiarity with content distribution via the internet.
• Experience with VPN and Geo-filtering effectiveness testing.
• Successfully supported distribution deals across channels and business models;
• Hands-on knowledge of distribution platforms and device chipsets;
• Effectively communicate across all levels of the organization
• 7+ years of experience as a technology manager
• Demonstrated experience with security research tools.
• Informed understanding of network protocols, data delivery and security principles (PKI, RSA, etc.).
• Solid management skills and business acumen.
• Strong interpersonal and communication skills
• Proven track record in delivering complex software projects using a recognized project management methodology (Agile, Scrum, Waterfall, etc.)

Preferred Qualifications

• 7+ years of professional experience in media related engineering and system architecture;
• 7+ years of experience developing consumer facing applications- web, Interactive TV and Mobile;
• 7+ years of experience programming in OO environment (Java, C++, etc);
• 7+ years in systems integration;
• 7+ years building integrated solutions - front end, back end, services
• Demonstrated an ability to influence third party product roadmaps and features;
• Proven track record developing multi-tier applications in Java, .NET or other languages
• Proven track record in creating and consuming Web Services, REST, RSS, SOAP, JSON, OAuth
• First-hand knowledge of industry licensing and standard-setting activities;

The hiring range for this position in Burbank, CA is $124,000.00 to $166,200.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.