Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

This position reports to the Corporate Information Security Officer, who is accountable for all security programs, initiatives, and activities within the corporate segment. This function aligns corporate segment programs with TWDC’s information security objectives and provides management reports to TWDC Information Security.
This includes:

• Managing information security risk
• Providing information security governance and management
• Overseeing control assurance, monitoring, and remediation
• Ensuring alignment with legal and regulatory requirements
• Delivering information security awareness, education, and training
• Providing situational leadership and support
• Publishing the status of Corporate’s information security posture

Responsibilities:

• Requires management expertise and experience in technology and information security compliance in a complex environment and both in-depth and broad knowledge of leadership principles
• Uses best practices and knowledge of internal and external business strategies, opportunities and trends to improve products and services, and proactively addresses business and regulatory compliance issues
• Solves complex problems; takes a new perspective on existing compliance solutions
• Works independently, receives minimal guidance, and provides management oversight to others
• Engages with cross-functional teams to manage complex information security compliance assessments (scoping, evidence collection, reporting, process metrics, process improvement, and QA)
• Manages security compliance assessments and controls testing and oversees remediation of control failures
• Gathers artifacts for internal and external compliance assessments
• Addresses legal and regulatory requirements of systems falling within a compliance program and monitors compliance with ISPS requirements
• Drives security compliance training, awareness, education, and communication, including input into resource allocation and direction
• Builds and fosters strong relationships, and collaborates closely with peers and partner groups in Corporate
• Knows and evaluates current policies to provide directional analysis and mitigation projects
• Aligns with metric based measurement of progress and provide input into executive dashboards regularly
• Researches, learns, and evaluates solutions to address complex problems, close gaps, and improve functionality and operations, including communication to senior levels
• Provides leadership in executing and expanding on the strategy of the Information Security Officer

Basic Qualifications:

• Minimum 12 years in technology organizations with at least 8 years of success leading a technology and/or security discipline within large organizations
• Demonstrated experience in information technology, information security, IT compliance, privacy or a data protection-related function
• Proven understanding of information security risk assessment and technology risk management and compliance procedures and methodologies
• Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls
• Strong knowledge of information technology and information security compliance principles, standards, practices and technologies
• Demonstrated experience leading work of others
• Demonstrated strong organizational skills with attention to detail
• Proven ability to achieve results in a fast moving, dynamic environment
• Ability to develop strong working relationships
• Ability to multi-task and meet deadlines
• Excellent communication, problem-solving and decision-making skills

Preferred Qualifications:

• Prefer one of the following certifications: CISSP, CISM, CISA or equivalent

Required Education

• BA/BS in information systems or computer science or appropriate work experience

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.