Skip to main content

Executive Director, InfoSec Governance, Risk, & Compliance

Job ID 10151183 Location Glendale, California, United States / New York, New York, United States / Seattle, Washington, United States / Lake Buena Vista, Florida, United States Business The Walt Disney Company (Corporate) Date posted May 26, 2026
Apply Now

Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.  

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.  

Team Description: 

The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are: Reduce the risk of both accidental and malicious data disclosure; Identify, monitor, engage with complete inventory of information; Establish appropriate policies and procedures to be followed; Educate user community to minimize risk. 

Disney’s InfoSec GRC team is seeking a transformational leader to drive the next evolution of Governance, Risk, and Compliance across the enterprise. Reporting to the VP of Information Security, this role will lead the shift from a traditional compliance-driven approach to a modern, risk-intelligence-led model that enables better business decisions, strengthens security posture, and scales with Disney’s global technology and content ecosystem. This leader will partner closely with GIS and business leadership to embed risk awareness into daily operations, ensuring GRC is a strategic enabler of innovation—not a barrier. 

What You'll Do 

Transform GRC at Disney 

  • Drive the evolution of Disney’s InfoSec GRC program from a compliance-centric model to a dynamic, risk-intelligence-led capability that informs enterprise investment and prioritization decisions 

  • Define and elevate GRC standards by introducing innovative approaches to risk quantification, compliance automation, and integrated governance 

  • Partner with GIS and segment technology leadership to position GRC as a strategic business enabler, translating complex risks into actionable, executive-ready insights 

  • Champion a culture where risk awareness is embedded into daily decision-making, enabling intuitive and scalable risk-informed behaviors across the enterprise 

 

Risk Management Leadership 

  • Lead the design, implementation, and continuous improvement of Disney’s enterprise InfoSec Risk Management Framework 

  • Establish and operationalize risk tolerance models, translating business objectives into clear prioritization, investment, and remediation decisions 

  • Build and mature a centralized cybersecurity risk register integrating threat intelligence, vulnerabilities, and third-party risk data 

  • Drive risk-based prioritization across InfoSec functions to ensure measurable risk reduction and alignment to enterprise objectives 

  • Deliver clear, credible, and decision-ready risk reporting to executive leadership and the Board, including financial risk quantification (e.g., FAIR) 

 

Governance Program Leadership 

  • Oversee the full lifecycle of InfoSec policies, standards, and guidelines, ensuring they are risk-based, actionable, and aligned with business needs 

  • Embed governance controls into the technology lifecycle (e.g., DevSecOps, cloud, infrastructure-as-code), reducing reliance on manual processes through automation 

  • Establish a policy effectiveness framework focused on behavioral change and measurable risk reduction 

  • Define and advance governance strategies for emerging technologies, including AI/ML, quantum security, and autonomous systems 

  • Lead enterprise maturity assessments (e.g., NIST CSF) to identify gaps and inform strategic investment decisions 

 

Compliance Program Leadership 

  • Provide oversight of global regulatory and contractual compliance programs (e.g., SOX, PCI, GDPR, ISO), ensuring consistency and scalability 

  • Build and operationalize a “compliance-as-a-service” model that enables self-service, automates evidence collection, and minimizes burden on engineering teams 

  • Monitor and anticipate changes in the regulatory landscape, proactively positioning Disney to meet evolving requirements 

 

Organizational Leadership 

  • Lead, develop, and scale a high-performing global GRC organization, fostering a culture of accountability, innovation, and continuous improvement 

  • Drive organizational excellence through strong leadership, talent development, and a focus on delivering scalable, forward-looking solutions 

What You’ll Bring 

Must-Have Qualifications 

  • You will have 12+ years of progressive experience in cybersecurity, technology risk, or compliance, including 3+ years leading enterprise-scale GRC functions  

  • You will bring structured problem-solving, audit rigor, and enterprise advisory experience  

  • You will have industry experience within large, complex organizations, with the ability to operate effectively in highly matrixed environments  

  • You will have a proven track record of transforming GRC programs into risk-driven operating models that influence enterprise decision-making  

  • You will have deep expertise across risk management, governance, and compliance, including frameworks, policy lifecycle, automation, audit, and controls assurance) 

  • You will have strong working knowledge of industry frameworks and regulations, including NIST CSF, NIST 800-53, ISO 27001, PCI DSS 4.0, SOX ITGC, and GDPR  

  • You will have demonstrated executive presence and exceptional influence skills, with the ability to operate as a trusted advisor to senior leadership and translate complex technical risk into clear business insights  

  • You will have experience applying financial risk quantification methodologies (e.g., FAIR) to support investment and prioritization decisions  

  • You will have a strong customer-focused mindset, ensuring GRC solutions enable the business and enhance—not hinder—user and product experiences  

  • You will have experience leading in highly matrixed, global environments, driving alignment across engineering, security, and business stakeholders  

 

Leadership & Transformation Profile (Critical for Success) 

  • You will have a mindset of a thought partner—not just an operator—bringing a strategic, forward-looking perspective to GRC  

  • You will have a track record of asking hard questions, challenging legacy ways of working, and driving meaningful change across organizations  

  • You will have the ability to connect cost, customer experience, and operational efficiency into a cohesive, risk-informed strategy  

  • You will have demonstrated success leading large-scale transformation initiatives, influencing without authority, and driving adoption across complex organizations  

 

Technical Expertise 

  • You will have advanced expertise in audit methodologies, controls testing, and assurance processes, including ITGCs and automated control environments (must have qualification) 

  • You will have hands-on experience with leading GRC platforms (e.g., Archer, ServiceNow GRC, SailPoint)  

  • You will have a strong understanding of cloud security and compliance across AWS, Azure, and GCP environments  

  • You will have familiarity with DevSecOps practices and integrating security and governance into software development and infrastructure pipelines  

 

Nice-to-Have Qualifications 

  • You may have experience within media, entertainment, or similarly complex, consumer-facing industries  

  • You may have experience from a Big 4 consulting firm. 

  • You may have experience advancing emerging risk domains such as AI/ML governance, third-party risk, or next-generation compliance capabilities  

 

Education 

  • You will have a bachelor’s degree in computer science, information security, or a related field—or equivalent practical experience (education) 

  • You may have advanced degrees or relevant certifications (e.g., CISSP, CISM, CRISC) (education) 

 


The hiring range for this position in Orlando, FL is $197,500 to $265,000 per year and in Glendale,CA is $207,400 to $278,200 per year. The hiring range for this position in Seattle, WA is $217,300 to $291,500 per year and in New York, NY is $217,300 to $291,500 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

Apply Now

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world.

DISABILITY ACCOMMODATION FOR EMPLOYMENT APPLICATIONS

The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, visit the Disney candidate disability accommodations FAQs. We will only respond to those requests that are related to the accessibility of the online application system due to a disability.

Having technical issues? View the FAQs for help.

Hiring Process

  • Where Does Your Story Begin?

    Explore Disney Careers and the Life at Disney blog to learn about all the amazing opportunities waiting to be discovered at The Walt Disney Company.

  • Be Part of the Story

    There are many different brands and businesses to explore. Once you've found the opportunity that is right for you, take the next step by completing your application.

  • The Next Chapter

    Once you've applied, you will receive an email allowing you to access your candidate dashboard. Create your login and make sure to check your dashboard often to see your application progress.

Explore this Location Glendale, CA

The Los Angeles County city is home to authentic Middle Eastern food, culture, and its very own “Walk of Fame.”

Related Jobs

OUR CULTURE

Related Content

campaign-__L10N__:English industry-The-Walt-Disney-Company-(Corporate) job_level-Executive job_status-Security-Engineering job_type-Regular salary_relocation-IT-Info-Security-(Jason-Whitehurst)-(51067192) multivaluefield2-The-Walt-Disney-Company-(Corporate)-The-Walt-Disney-Company-(Corporate) custom_fields.test-valuetest custom_fields.WDJobs-Yes custom_fields.Country-Disney_WD_English_Test custom_fields.test123-test123 custom_fields.FlexType-No custom_fields.TimeType-Full-Time custom_fields.Campaign2-Technology custom_fields.FeedOrgID-WD-English custom_fields.ContactFax-Disney-Worldwide-Services,-Inc. custom_fields.FilterFlag-No custom_fields.Jobcountry-United-States-of-America custom_fields.RemoteType-Primarily-On-Site-/-Occasionally-from-Home custom_fields.FullAddress-1200-Grand-Central-Ave&#xa;Glendale,-CA-91201&#xa;United-States-of-America custom_fields.legalEntity--1008-Disney-Worldwide-Services,-Inc. custom_fields.CheckEquality-Yes custom_fields.ChinaBusiness-The-Walt-Disney-Company-China custom_fields.EmptyLocation-Yes custom_fields.SecondaryCity-,Seattle,Lake-Buena-Vista,New-York custom_fields.WorkerSubType-Regular custom_fields.ExportLocation-Glendale,California,United-States-of-America;Glendale,CA,USA;New-York,NY,USA;Seattle,WA,USA;Lake-Buena-Vista,FL,USA;Seattle,Washington,United-States-of-America;Lake-Buena-Vista,Florida,United-States-of-America;New-York,New-York,United-States-of-America custom_fields.JobLevelCustom-Executive custom_fields.SecondaryState-,Washington,Florida,New-York custom_fields.contactCompany-The-Walt-Disney-Company-(Corporate) custom_fields.jobPostingSite-External custom_fields.LIWorkplaceType-On-site custom_fields.PrimaryLocation-USA---CA---1200-Grand-Central-Ave custom_fields.PriorityIndustry-The-Walt-Disney-Company-(Corporate) custom_fields.SecondaryCountry-United-States-of-America,United-States-of-America,United-States-of-America custom_fields.AdditionalLocation-Lake-Buena-Vista,-FL,-USA;-Seattle,-WA,-USA;-New-York,-NY,-USA;-Glendale,-CA,-USA custom_fields.FullJobDescription-<div><div><p><span><span>At-Disney, </span><span>we’re</span><span> storytellers.-We-make-the </span><span>impossible,</span><span> possible.-The-Walt-Disney-Company-(TWDC)-is-a-world-class-entertainment-and-technological-leader.-Walt’s-passion-was-to-continuously-envision-new-ways-to-move-audiences-around-the-world—a-passion-that </span><span>remains</span><span> our-touchstone-in-an-enterprise-that-stretches-from-theme-parks,-resorts-and-a-cruise-line-to-sports,-news, </span><span>movies</span><span> and-a-variety-of-other-businesses.-Uniting-each-endeavor-is-a-commitment-to-creating-and-delivering-unforgettable-experiences-—-and </span><span>we’re</span><span> constantly-looking-for-new-ways-to-enhance-these-exciting-experiences. </span></span><span> </span></p><p></p></div><div><p><span><span>The-Enterprise-Technology-mission-is-to-deliver-technology-solutions-that-align-to-business-strategies-while-enabling-enterprise-efficiency-and-promoting-cross-company-collaborative-innovation.-Our-group-drives-competitive-advantage-by-enhancing-our-consumer-experiences,-enabling-business-growth,-and-advancing-operational-excellence. </span></span><span> </span></p><p></p></div><div><p><b><span>Team-Description:</span></b><span> </span></p></div><div><p><span><span>The-Global-Information-Security-(GIS)</span></span><i><span> </span></i><span><span>group-provides-services-to-protect-the-value-and-use-of-Disney’s-information-through-collaboration,-standardization,-enforcement,-and-education-across-The-Walt-Disney-Company.-The </span><span>main-focus</span><span> areas-of-this-group-are:-Reduce-the-risk-of-both-accidental-and-malicious-data-disclosure;-I</span><span>dentify</span><span>,-monitor,-engage-with-complete-inventory-of-information; </span><span>Establish-</span><span>appropriate-policies</span><span> and-procedures-to-be-followed;-Educate-user-community-to-minimize-risk.</span></span><span> </span></p><p></p></div><div><p><span><span>Disney’s-InfoSec-GRC-team-is-seeking-a-transformational-leader-to-drive-the-next-evolution-of-Governance,-Risk,-and-Compliance-across-the-enterprise.-Reporting-to-the-VP-of-Information-Security,-this-role-will-lead-the-shift-from-a-traditional-compliance-driven-approach-to-a-modern,-risk-intelligence-led-model-that-enables-better-business-decisions,-strengthens-security-posture,-and-scales-with-Disney’s-global-technology-and-content-ecosystem.-This-leader-will-partner-closely-with-GIS-and-business-leadership-to-embed-risk-awareness-into-daily-operations,-ensuring-GRC-is-a-strategic-enabler-of-innovation—not-a-barrier.</span></span><span> </span></p></div><div><p></p><p><u><b><span>What-You&#39;ll-Do</span></b><span> </span></u></p></div><div><p><b><span>Transform-GRC-at-Disney</span></b><span> </span></p></div><div><ul><li><p><span><span>Drive-the-evolution-of-Disney’s-InfoSec-GRC-program-from-a-compliance-centric-model-to-a-dynamic,-risk-intelligence-led-capability-that-informs-enterprise-investment-and-prioritization-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-elevate-GRC-standards-by-introducing-innovative-approaches-to-risk-quantification,-compliance-automation,-and-integrated-governance</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Partner-with-GIS-and-segment-technology-leadership-to-position-GRC-as-a-strategic-business-enabler,-translating-complex-risks-into-actionable,-executive-ready-insights</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Champion-a-culture-where-risk-awareness-is-embedded-into-daily-decision-making,-enabling-intuitive-and-scalable-risk-informed-behaviors-across-the-enterprise</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Risk-Management-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead-the-design,-implementation,-and-continuous-improvement-of-Disney’s-enterprise-InfoSec-Risk-Management-Framework</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-and-operationalize-risk-tolerance-models,-translating-business </span><span>objectives</span><span> into-clear-prioritization,-investment,-and-remediation-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-mature-a-centralized-cybersecurity-risk-register-integrating-threat-intelligence,-vulnerabilities,-and-third-party-risk-data</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-risk-based-prioritization-across-InfoSec-functions-to-ensure-measurable-risk-reduction-and-alignment-to-enterprise-objectives</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Deliver-clear,-credible,-and-decision-ready-risk-reporting-to-executive-leadership-and-the-Board,-including-financial-risk-quantification-(e.g.,-FAIR)</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Governance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Oversee-the-full-lifecycle-of-InfoSec-policies,-standards,-and-guidelines,-ensuring-they-are-risk-based,-actionable,-and-aligned-with-business-needs</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Embed-governance-controls-into-the-technology-lifecycle-(e.g., </span><span>DevSecOps</span><span>,-cloud,-infrastructure-as-code),-reducing-reliance-on-manual-processes-through-automation</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-a-policy-effectiveness-framework-focused-on-behavioral-change-and-measurable-risk-reduction</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-advance-governance-strategies-for-emerging-technologies,-including-AI/ML,-quantum-security,-and-autonomous-systems</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Lead-enterprise-maturity-assessments-(e.g.,-NIST-CSF)-to </span><span>identify</span><span> gaps-and-inform-strategic-investment-decisions</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Compliance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Provide-oversight-of-global-regulatory-and-contractual-compliance-programs-(e.g.,-SOX,-PCI,-GDPR,-ISO),-ensuring-consistency-and-scalability</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-operationalize-a-“compliance-as-a-service”-model-that-enables-self-service,-automates-evidence-collection,-and-minimizes-burden-on-engineering-teams</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Monitor-and </span><span>anticipate</span><span> changes-in-the-regulatory-landscape,-proactively-positioning-Disney-to-meet-evolving-requirements</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Organizational-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead,-develop,-and-scale-a-high-performing-global-GRC-organization,-fostering-a-culture-of-accountability,-innovation,-and-continuous-improvement</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-organizational-excellence-through-strong-leadership,-talent-development,-and-a-focus-on-delivering-scalable,-forward-looking-solutions</span></span><span> </span></p></li></ul></div><div><p></p><p><b><span>What </span><span>You’ll</span><span> Bring</span></b><span> </span></p></div><div><p><i><span>Must-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> 12&#43;-years-of-progressive-experience-in-cybersecurity,-technology-risk,-or-compliance,-including-3&#43;-years-leading-enterprise-scale-GRC-functions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-bring</span></b><span><span> structured-problem-solving,-audit-rigor,-and-enterprise-advisory-experience </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> industry-experience-within-large,-complex-organizations,-with-the-ability-to </span><span>operate</span><span> effectively-in-highly-matrixed-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-proven </span><span>track-record</span><span> of-transforming-GRC-programs-into-risk-driven-operating-models-that-influence-enterprise-decision-making </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> deep </span><span>expertise</span><span> across-risk-management,-governance,-and-compliance,-including-frameworks,-policy-lifecycle,-automation,-audit,-and-controls-assurance</span></span><i><span>)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> strong-working-knowledge-of-industry-frameworks-and-regulations,-including-NIST-CSF,-NIST-800-53,-ISO-27001,-PCI-DSS-4.0,-SOX-ITGC,-and-GDPR </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> executive-presence-and-exceptional-influence-skills,-with-the-ability-to </span><span>operate</span><span> as-a-trusted-advisor-to-senior-leadership-and-translate-complex-technical-risk-into-clear-business-insights </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-applying-financial-risk-quantification-methodologies-(e.g.,-FAIR)-to-support-investment-and-prioritization-decisions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-customer-focused-mindset,-ensuring-GRC-solutions-enable-the-business-and-enhance—not-hinder—user-and-product-experiences </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-leading-in-highly-matrixed,-global-environments,-driving-alignment-across-engineering,-security,-and-business-stakeholders </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Leadership-&amp;-Transformation-Profile-(Critical-for-Success)</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-mindset-of-a-thought-partner—not-just-an-operator—bringing-a-strategic,-forward-looking-perspective-to-GRC </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>a-track-record</span><span> of-asking </span><span>hard-questions</span><span>,-challenging-legacy-ways-of-working,-and-driving-meaningful-change-across-organizations </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> the-ability-to-connect-cost,-customer-experience,-and-operational-efficiency-into-a-cohesive,-risk-informed-strategy </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> success-leading-large-scale-transformation-initiatives,-influencing-without-authority,-and-driving-adoption-across-complex-organizations </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Technical-Expertise</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> advanced </span><span>expertise</span><span> in-audit-methodologies,-controls-testing,-and-assurance-processes,-including-ITGCs-and-automated-control-environments </span></span><i><span>(must-have-qualification)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> hands-on-experience-with-leading-GRC-platforms-(e.g.,-Archer,-ServiceNow-GRC,-SailPoint) </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-understanding-of-cloud-security-and-compliance-across-AWS,-Azure,-and-GCP-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> familiarity-with </span><span>DevSecOps</span><span> practices-and-integrating-security-and-governance-into-software-development-and-infrastructure-pipelines </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Nice-to-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-within-media,-entertainment,-or-similarly-complex,-consumer-facing-industries </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-from-a-Big-4-consulting-firm.</span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-advancing-emerging-risk-domains-such-as-AI/ML-governance,-third-party-risk,-or-next-generation-compliance-capabilities </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Education</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-bachelor’s-degree-in-computer-science,-information-security,-or-a-related-field—or-equivalent-practical-experience </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> advanced-degrees-or-relevant-certifications-(e.g.,-CISSP,-CISM,-CRISC) </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><p><span> </span></p></div></div><br>The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered. custom_fields.IndustryCustomField-The-Walt-Disney-Company-(Corporate) custom_fields.ExternalReferenceCode-10151183 custom_fields.PayTransparencyStatement-The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered.

campaign-__L10N__:English industry-The-Walt-Disney-Company-(Corporate) job_level-Executive job_status-Security-Engineering job_type-Regular salary_relocation-IT-Info-Security-(Jason-Whitehurst)-(51067192) multivaluefield2-The-Walt-Disney-Company-(Corporate)-The-Walt-Disney-Company-(Corporate) custom_fields.test-valuetest custom_fields.WDJobs-Yes custom_fields.Country-Disney_WD_English_Test custom_fields.test123-test123 custom_fields.FlexType-No custom_fields.TimeType-Full-Time custom_fields.Campaign2-Technology custom_fields.FeedOrgID-WD-English custom_fields.ContactFax-Disney-Worldwide-Services,-Inc. custom_fields.FilterFlag-No custom_fields.Jobcountry-United-States-of-America custom_fields.RemoteType-Primarily-On-Site-/-Occasionally-from-Home custom_fields.FullAddress-1200-Grand-Central-Ave&#xa;Glendale,-CA-91201&#xa;United-States-of-America custom_fields.legalEntity--1008-Disney-Worldwide-Services,-Inc. custom_fields.CheckEquality-Yes custom_fields.ChinaBusiness-The-Walt-Disney-Company-China custom_fields.EmptyLocation-Yes custom_fields.SecondaryCity-,Seattle,Lake-Buena-Vista,New-York custom_fields.WorkerSubType-Regular custom_fields.ExportLocation-Glendale,California,United-States-of-America;Glendale,CA,USA;New-York,NY,USA;Seattle,WA,USA;Lake-Buena-Vista,FL,USA;Seattle,Washington,United-States-of-America;Lake-Buena-Vista,Florida,United-States-of-America;New-York,New-York,United-States-of-America custom_fields.JobLevelCustom-Executive custom_fields.SecondaryState-,Washington,Florida,New-York custom_fields.contactCompany-The-Walt-Disney-Company-(Corporate) custom_fields.jobPostingSite-External custom_fields.LIWorkplaceType-On-site custom_fields.PrimaryLocation-USA---CA---1200-Grand-Central-Ave custom_fields.PriorityIndustry-The-Walt-Disney-Company-(Corporate) custom_fields.SecondaryCountry-United-States-of-America,United-States-of-America,United-States-of-America custom_fields.AdditionalLocation-Lake-Buena-Vista,-FL,-USA;-Seattle,-WA,-USA;-New-York,-NY,-USA;-Glendale,-CA,-USA custom_fields.FullJobDescription-<div><div><p><span><span>At-Disney, </span><span>we’re</span><span> storytellers.-We-make-the </span><span>impossible,</span><span> possible.-The-Walt-Disney-Company-(TWDC)-is-a-world-class-entertainment-and-technological-leader.-Walt’s-passion-was-to-continuously-envision-new-ways-to-move-audiences-around-the-world—a-passion-that </span><span>remains</span><span> our-touchstone-in-an-enterprise-that-stretches-from-theme-parks,-resorts-and-a-cruise-line-to-sports,-news, </span><span>movies</span><span> and-a-variety-of-other-businesses.-Uniting-each-endeavor-is-a-commitment-to-creating-and-delivering-unforgettable-experiences-—-and </span><span>we’re</span><span> constantly-looking-for-new-ways-to-enhance-these-exciting-experiences. </span></span><span> </span></p><p></p></div><div><p><span><span>The-Enterprise-Technology-mission-is-to-deliver-technology-solutions-that-align-to-business-strategies-while-enabling-enterprise-efficiency-and-promoting-cross-company-collaborative-innovation.-Our-group-drives-competitive-advantage-by-enhancing-our-consumer-experiences,-enabling-business-growth,-and-advancing-operational-excellence. </span></span><span> </span></p><p></p></div><div><p><b><span>Team-Description:</span></b><span> </span></p></div><div><p><span><span>The-Global-Information-Security-(GIS)</span></span><i><span> </span></i><span><span>group-provides-services-to-protect-the-value-and-use-of-Disney’s-information-through-collaboration,-standardization,-enforcement,-and-education-across-The-Walt-Disney-Company.-The </span><span>main-focus</span><span> areas-of-this-group-are:-Reduce-the-risk-of-both-accidental-and-malicious-data-disclosure;-I</span><span>dentify</span><span>,-monitor,-engage-with-complete-inventory-of-information; </span><span>Establish-</span><span>appropriate-policies</span><span> and-procedures-to-be-followed;-Educate-user-community-to-minimize-risk.</span></span><span> </span></p><p></p></div><div><p><span><span>Disney’s-InfoSec-GRC-team-is-seeking-a-transformational-leader-to-drive-the-next-evolution-of-Governance,-Risk,-and-Compliance-across-the-enterprise.-Reporting-to-the-VP-of-Information-Security,-this-role-will-lead-the-shift-from-a-traditional-compliance-driven-approach-to-a-modern,-risk-intelligence-led-model-that-enables-better-business-decisions,-strengthens-security-posture,-and-scales-with-Disney’s-global-technology-and-content-ecosystem.-This-leader-will-partner-closely-with-GIS-and-business-leadership-to-embed-risk-awareness-into-daily-operations,-ensuring-GRC-is-a-strategic-enabler-of-innovation—not-a-barrier.</span></span><span> </span></p></div><div><p></p><p><u><b><span>What-You&#39;ll-Do</span></b><span> </span></u></p></div><div><p><b><span>Transform-GRC-at-Disney</span></b><span> </span></p></div><div><ul><li><p><span><span>Drive-the-evolution-of-Disney’s-InfoSec-GRC-program-from-a-compliance-centric-model-to-a-dynamic,-risk-intelligence-led-capability-that-informs-enterprise-investment-and-prioritization-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-elevate-GRC-standards-by-introducing-innovative-approaches-to-risk-quantification,-compliance-automation,-and-integrated-governance</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Partner-with-GIS-and-segment-technology-leadership-to-position-GRC-as-a-strategic-business-enabler,-translating-complex-risks-into-actionable,-executive-ready-insights</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Champion-a-culture-where-risk-awareness-is-embedded-into-daily-decision-making,-enabling-intuitive-and-scalable-risk-informed-behaviors-across-the-enterprise</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Risk-Management-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead-the-design,-implementation,-and-continuous-improvement-of-Disney’s-enterprise-InfoSec-Risk-Management-Framework</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-and-operationalize-risk-tolerance-models,-translating-business </span><span>objectives</span><span> into-clear-prioritization,-investment,-and-remediation-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-mature-a-centralized-cybersecurity-risk-register-integrating-threat-intelligence,-vulnerabilities,-and-third-party-risk-data</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-risk-based-prioritization-across-InfoSec-functions-to-ensure-measurable-risk-reduction-and-alignment-to-enterprise-objectives</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Deliver-clear,-credible,-and-decision-ready-risk-reporting-to-executive-leadership-and-the-Board,-including-financial-risk-quantification-(e.g.,-FAIR)</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Governance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Oversee-the-full-lifecycle-of-InfoSec-policies,-standards,-and-guidelines,-ensuring-they-are-risk-based,-actionable,-and-aligned-with-business-needs</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Embed-governance-controls-into-the-technology-lifecycle-(e.g., </span><span>DevSecOps</span><span>,-cloud,-infrastructure-as-code),-reducing-reliance-on-manual-processes-through-automation</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-a-policy-effectiveness-framework-focused-on-behavioral-change-and-measurable-risk-reduction</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-advance-governance-strategies-for-emerging-technologies,-including-AI/ML,-quantum-security,-and-autonomous-systems</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Lead-enterprise-maturity-assessments-(e.g.,-NIST-CSF)-to </span><span>identify</span><span> gaps-and-inform-strategic-investment-decisions</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Compliance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Provide-oversight-of-global-regulatory-and-contractual-compliance-programs-(e.g.,-SOX,-PCI,-GDPR,-ISO),-ensuring-consistency-and-scalability</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-operationalize-a-“compliance-as-a-service”-model-that-enables-self-service,-automates-evidence-collection,-and-minimizes-burden-on-engineering-teams</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Monitor-and </span><span>anticipate</span><span> changes-in-the-regulatory-landscape,-proactively-positioning-Disney-to-meet-evolving-requirements</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Organizational-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead,-develop,-and-scale-a-high-performing-global-GRC-organization,-fostering-a-culture-of-accountability,-innovation,-and-continuous-improvement</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-organizational-excellence-through-strong-leadership,-talent-development,-and-a-focus-on-delivering-scalable,-forward-looking-solutions</span></span><span> </span></p></li></ul></div><div><p></p><p><b><span>What </span><span>You’ll</span><span> Bring</span></b><span> </span></p></div><div><p><i><span>Must-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> 12&#43;-years-of-progressive-experience-in-cybersecurity,-technology-risk,-or-compliance,-including-3&#43;-years-leading-enterprise-scale-GRC-functions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-bring</span></b><span><span> structured-problem-solving,-audit-rigor,-and-enterprise-advisory-experience </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> industry-experience-within-large,-complex-organizations,-with-the-ability-to </span><span>operate</span><span> effectively-in-highly-matrixed-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-proven </span><span>track-record</span><span> of-transforming-GRC-programs-into-risk-driven-operating-models-that-influence-enterprise-decision-making </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> deep </span><span>expertise</span><span> across-risk-management,-governance,-and-compliance,-including-frameworks,-policy-lifecycle,-automation,-audit,-and-controls-assurance</span></span><i><span>)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> strong-working-knowledge-of-industry-frameworks-and-regulations,-including-NIST-CSF,-NIST-800-53,-ISO-27001,-PCI-DSS-4.0,-SOX-ITGC,-and-GDPR </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> executive-presence-and-exceptional-influence-skills,-with-the-ability-to </span><span>operate</span><span> as-a-trusted-advisor-to-senior-leadership-and-translate-complex-technical-risk-into-clear-business-insights </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-applying-financial-risk-quantification-methodologies-(e.g.,-FAIR)-to-support-investment-and-prioritization-decisions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-customer-focused-mindset,-ensuring-GRC-solutions-enable-the-business-and-enhance—not-hinder—user-and-product-experiences </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-leading-in-highly-matrixed,-global-environments,-driving-alignment-across-engineering,-security,-and-business-stakeholders </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Leadership-&amp;-Transformation-Profile-(Critical-for-Success)</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-mindset-of-a-thought-partner—not-just-an-operator—bringing-a-strategic,-forward-looking-perspective-to-GRC </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>a-track-record</span><span> of-asking </span><span>hard-questions</span><span>,-challenging-legacy-ways-of-working,-and-driving-meaningful-change-across-organizations </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> the-ability-to-connect-cost,-customer-experience,-and-operational-efficiency-into-a-cohesive,-risk-informed-strategy </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> success-leading-large-scale-transformation-initiatives,-influencing-without-authority,-and-driving-adoption-across-complex-organizations </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Technical-Expertise</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> advanced </span><span>expertise</span><span> in-audit-methodologies,-controls-testing,-and-assurance-processes,-including-ITGCs-and-automated-control-environments </span></span><i><span>(must-have-qualification)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> hands-on-experience-with-leading-GRC-platforms-(e.g.,-Archer,-ServiceNow-GRC,-SailPoint) </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-understanding-of-cloud-security-and-compliance-across-AWS,-Azure,-and-GCP-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> familiarity-with </span><span>DevSecOps</span><span> practices-and-integrating-security-and-governance-into-software-development-and-infrastructure-pipelines </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Nice-to-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-within-media,-entertainment,-or-similarly-complex,-consumer-facing-industries </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-from-a-Big-4-consulting-firm.</span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-advancing-emerging-risk-domains-such-as-AI/ML-governance,-third-party-risk,-or-next-generation-compliance-capabilities </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Education</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-bachelor’s-degree-in-computer-science,-information-security,-or-a-related-field—or-equivalent-practical-experience </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> advanced-degrees-or-relevant-certifications-(e.g.,-CISSP,-CISM,-CRISC) </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><p><span> </span></p></div></div><br>The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered. custom_fields.IndustryCustomField-The-Walt-Disney-Company-(Corporate) custom_fields.ExternalReferenceCode-10151183 custom_fields.PayTransparencyStatement-The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered.

campaign-__L10N__:English industry-The-Walt-Disney-Company-(Corporate) job_level-Executive job_status-Security-Engineering job_type-Regular salary_relocation-IT-Info-Security-(Jason-Whitehurst)-(51067192) multivaluefield2-The-Walt-Disney-Company-(Corporate)-The-Walt-Disney-Company-(Corporate) custom_fields.test-valuetest custom_fields.WDJobs-Yes custom_fields.Country-Disney_WD_English_Test custom_fields.test123-test123 custom_fields.FlexType-No custom_fields.TimeType-Full-Time custom_fields.Campaign2-Technology custom_fields.FeedOrgID-WD-English custom_fields.ContactFax-Disney-Worldwide-Services,-Inc. custom_fields.FilterFlag-No custom_fields.Jobcountry-United-States-of-America custom_fields.RemoteType-Primarily-On-Site-/-Occasionally-from-Home custom_fields.FullAddress-1200-Grand-Central-Ave&#xa;Glendale,-CA-91201&#xa;United-States-of-America custom_fields.legalEntity--1008-Disney-Worldwide-Services,-Inc. custom_fields.CheckEquality-Yes custom_fields.ChinaBusiness-The-Walt-Disney-Company-China custom_fields.EmptyLocation-Yes custom_fields.SecondaryCity-,Seattle,Lake-Buena-Vista,New-York custom_fields.WorkerSubType-Regular custom_fields.ExportLocation-Glendale,California,United-States-of-America;Glendale,CA,USA;New-York,NY,USA;Seattle,WA,USA;Lake-Buena-Vista,FL,USA;Seattle,Washington,United-States-of-America;Lake-Buena-Vista,Florida,United-States-of-America;New-York,New-York,United-States-of-America custom_fields.JobLevelCustom-Executive custom_fields.SecondaryState-,Washington,Florida,New-York custom_fields.contactCompany-The-Walt-Disney-Company-(Corporate) custom_fields.jobPostingSite-External custom_fields.LIWorkplaceType-On-site custom_fields.PrimaryLocation-USA---CA---1200-Grand-Central-Ave custom_fields.PriorityIndustry-The-Walt-Disney-Company-(Corporate) custom_fields.SecondaryCountry-United-States-of-America,United-States-of-America,United-States-of-America custom_fields.AdditionalLocation-Lake-Buena-Vista,-FL,-USA;-Seattle,-WA,-USA;-New-York,-NY,-USA;-Glendale,-CA,-USA custom_fields.FullJobDescription-<div><div><p><span><span>At-Disney, </span><span>we’re</span><span> storytellers.-We-make-the </span><span>impossible,</span><span> possible.-The-Walt-Disney-Company-(TWDC)-is-a-world-class-entertainment-and-technological-leader.-Walt’s-passion-was-to-continuously-envision-new-ways-to-move-audiences-around-the-world—a-passion-that </span><span>remains</span><span> our-touchstone-in-an-enterprise-that-stretches-from-theme-parks,-resorts-and-a-cruise-line-to-sports,-news, </span><span>movies</span><span> and-a-variety-of-other-businesses.-Uniting-each-endeavor-is-a-commitment-to-creating-and-delivering-unforgettable-experiences-—-and </span><span>we’re</span><span> constantly-looking-for-new-ways-to-enhance-these-exciting-experiences. </span></span><span> </span></p><p></p></div><div><p><span><span>The-Enterprise-Technology-mission-is-to-deliver-technology-solutions-that-align-to-business-strategies-while-enabling-enterprise-efficiency-and-promoting-cross-company-collaborative-innovation.-Our-group-drives-competitive-advantage-by-enhancing-our-consumer-experiences,-enabling-business-growth,-and-advancing-operational-excellence. </span></span><span> </span></p><p></p></div><div><p><b><span>Team-Description:</span></b><span> </span></p></div><div><p><span><span>The-Global-Information-Security-(GIS)</span></span><i><span> </span></i><span><span>group-provides-services-to-protect-the-value-and-use-of-Disney’s-information-through-collaboration,-standardization,-enforcement,-and-education-across-The-Walt-Disney-Company.-The </span><span>main-focus</span><span> areas-of-this-group-are:-Reduce-the-risk-of-both-accidental-and-malicious-data-disclosure;-I</span><span>dentify</span><span>,-monitor,-engage-with-complete-inventory-of-information; </span><span>Establish-</span><span>appropriate-policies</span><span> and-procedures-to-be-followed;-Educate-user-community-to-minimize-risk.</span></span><span> </span></p><p></p></div><div><p><span><span>Disney’s-InfoSec-GRC-team-is-seeking-a-transformational-leader-to-drive-the-next-evolution-of-Governance,-Risk,-and-Compliance-across-the-enterprise.-Reporting-to-the-VP-of-Information-Security,-this-role-will-lead-the-shift-from-a-traditional-compliance-driven-approach-to-a-modern,-risk-intelligence-led-model-that-enables-better-business-decisions,-strengthens-security-posture,-and-scales-with-Disney’s-global-technology-and-content-ecosystem.-This-leader-will-partner-closely-with-GIS-and-business-leadership-to-embed-risk-awareness-into-daily-operations,-ensuring-GRC-is-a-strategic-enabler-of-innovation—not-a-barrier.</span></span><span> </span></p></div><div><p></p><p><u><b><span>What-You&#39;ll-Do</span></b><span> </span></u></p></div><div><p><b><span>Transform-GRC-at-Disney</span></b><span> </span></p></div><div><ul><li><p><span><span>Drive-the-evolution-of-Disney’s-InfoSec-GRC-program-from-a-compliance-centric-model-to-a-dynamic,-risk-intelligence-led-capability-that-informs-enterprise-investment-and-prioritization-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-elevate-GRC-standards-by-introducing-innovative-approaches-to-risk-quantification,-compliance-automation,-and-integrated-governance</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Partner-with-GIS-and-segment-technology-leadership-to-position-GRC-as-a-strategic-business-enabler,-translating-complex-risks-into-actionable,-executive-ready-insights</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Champion-a-culture-where-risk-awareness-is-embedded-into-daily-decision-making,-enabling-intuitive-and-scalable-risk-informed-behaviors-across-the-enterprise</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Risk-Management-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead-the-design,-implementation,-and-continuous-improvement-of-Disney’s-enterprise-InfoSec-Risk-Management-Framework</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-and-operationalize-risk-tolerance-models,-translating-business </span><span>objectives</span><span> into-clear-prioritization,-investment,-and-remediation-decisions</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-mature-a-centralized-cybersecurity-risk-register-integrating-threat-intelligence,-vulnerabilities,-and-third-party-risk-data</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-risk-based-prioritization-across-InfoSec-functions-to-ensure-measurable-risk-reduction-and-alignment-to-enterprise-objectives</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Deliver-clear,-credible,-and-decision-ready-risk-reporting-to-executive-leadership-and-the-Board,-including-financial-risk-quantification-(e.g.,-FAIR)</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Governance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Oversee-the-full-lifecycle-of-InfoSec-policies,-standards,-and-guidelines,-ensuring-they-are-risk-based,-actionable,-and-aligned-with-business-needs</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Embed-governance-controls-into-the-technology-lifecycle-(e.g., </span><span>DevSecOps</span><span>,-cloud,-infrastructure-as-code),-reducing-reliance-on-manual-processes-through-automation</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish-a-policy-effectiveness-framework-focused-on-behavioral-change-and-measurable-risk-reduction</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Define-and-advance-governance-strategies-for-emerging-technologies,-including-AI/ML,-quantum-security,-and-autonomous-systems</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Lead-enterprise-maturity-assessments-(e.g.,-NIST-CSF)-to </span><span>identify</span><span> gaps-and-inform-strategic-investment-decisions</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Compliance-Program-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Provide-oversight-of-global-regulatory-and-contractual-compliance-programs-(e.g.,-SOX,-PCI,-GDPR,-ISO),-ensuring-consistency-and-scalability</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build-and-operationalize-a-“compliance-as-a-service”-model-that-enables-self-service,-automates-evidence-collection,-and-minimizes-burden-on-engineering-teams</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Monitor-and </span><span>anticipate</span><span> changes-in-the-regulatory-landscape,-proactively-positioning-Disney-to-meet-evolving-requirements</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><b><span>Organizational-Leadership</span></b><span> </span></p></div><div><ul><li><p><span><span>Lead,-develop,-and-scale-a-high-performing-global-GRC-organization,-fostering-a-culture-of-accountability,-innovation,-and-continuous-improvement</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive-organizational-excellence-through-strong-leadership,-talent-development,-and-a-focus-on-delivering-scalable,-forward-looking-solutions</span></span><span> </span></p></li></ul></div><div><p></p><p><b><span>What </span><span>You’ll</span><span> Bring</span></b><span> </span></p></div><div><p><i><span>Must-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> 12&#43;-years-of-progressive-experience-in-cybersecurity,-technology-risk,-or-compliance,-including-3&#43;-years-leading-enterprise-scale-GRC-functions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-bring</span></b><span><span> structured-problem-solving,-audit-rigor,-and-enterprise-advisory-experience </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> industry-experience-within-large,-complex-organizations,-with-the-ability-to </span><span>operate</span><span> effectively-in-highly-matrixed-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-proven </span><span>track-record</span><span> of-transforming-GRC-programs-into-risk-driven-operating-models-that-influence-enterprise-decision-making </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> deep </span><span>expertise</span><span> across-risk-management,-governance,-and-compliance,-including-frameworks,-policy-lifecycle,-automation,-audit,-and-controls-assurance</span></span><i><span>)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> strong-working-knowledge-of-industry-frameworks-and-regulations,-including-NIST-CSF,-NIST-800-53,-ISO-27001,-PCI-DSS-4.0,-SOX-ITGC,-and-GDPR </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> executive-presence-and-exceptional-influence-skills,-with-the-ability-to </span><span>operate</span><span> as-a-trusted-advisor-to-senior-leadership-and-translate-complex-technical-risk-into-clear-business-insights </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-applying-financial-risk-quantification-methodologies-(e.g.,-FAIR)-to-support-investment-and-prioritization-decisions </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-customer-focused-mindset,-ensuring-GRC-solutions-enable-the-business-and-enhance—not-hinder—user-and-product-experiences </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> experience-leading-in-highly-matrixed,-global-environments,-driving-alignment-across-engineering,-security,-and-business-stakeholders </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Leadership-&amp;-Transformation-Profile-(Critical-for-Success)</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-mindset-of-a-thought-partner—not-just-an-operator—bringing-a-strategic,-forward-looking-perspective-to-GRC </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>a-track-record</span><span> of-asking </span><span>hard-questions</span><span>,-challenging-legacy-ways-of-working,-and-driving-meaningful-change-across-organizations </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> the-ability-to-connect-cost,-customer-experience,-and-operational-efficiency-into-a-cohesive,-risk-informed-strategy </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> </span><span>demonstrated</span><span> success-leading-large-scale-transformation-initiatives,-influencing-without-authority,-and-driving-adoption-across-complex-organizations </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Technical-Expertise</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> advanced </span><span>expertise</span><span> in-audit-methodologies,-controls-testing,-and-assurance-processes,-including-ITGCs-and-automated-control-environments </span></span><i><span>(must-have-qualification)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> hands-on-experience-with-leading-GRC-platforms-(e.g.,-Archer,-ServiceNow-GRC,-SailPoint) </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-strong-understanding-of-cloud-security-and-compliance-across-AWS,-Azure,-and-GCP-environments </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> familiarity-with </span><span>DevSecOps</span><span> practices-and-integrating-security-and-governance-into-software-development-and-infrastructure-pipelines </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Nice-to-Have-Qualifications</span></i><span> </span></p></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-within-media,-entertainment,-or-similarly-complex,-consumer-facing-industries </span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-from-a-Big-4-consulting-firm.</span></span><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> experience-advancing-emerging-risk-domains-such-as-AI/ML-governance,-third-party-risk,-or-next-generation-compliance-capabilities </span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><i><span>Education</span></i><span> </span></p></div><div><ul><li><p><b><span>You-will-have</span></b><span><span> a-bachelor’s-degree-in-computer-science,-information-security,-or-a-related-field—or-equivalent-practical-experience </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><ul><li><p><b><span>You-may-have</span></b><span><span> advanced-degrees-or-relevant-certifications-(e.g.,-CISSP,-CISM,-CRISC) </span></span><i><span>(education)</span></i><span> </span></p></li></ul></div><div><p><span> </span></p></div></div><br>The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered. custom_fields.IndustryCustomField-The-Walt-Disney-Company-(Corporate) custom_fields.ExternalReferenceCode-10151183 custom_fields.PayTransparencyStatement-The-hiring-range-for-this-position-in-Orlando,-FL-is-$197,500-to-$265,000-per-year-and-in-Glendale,CA-is-$207,400-to-$278,200-per-year.-The-hiring-range-for-this-position-in-Seattle,-WA-is-$217,300-to-$291,500-per-year-and-in-New-York,-NY-is-$217,300-to-$291,500-per-year.-The-base-pay-actually-offered-will-take-into-account-internal-equity-and-also-may-vary-depending-on-the-candidate’s-geographic-region,-job-related-knowledge,-skills,-and-experience-among-other-factors.-A-bonus-and/or-long-term-incentive-units-may-be-provided-as-part-of-the-compensation-package,-in-addition-to-the-full-range-of-medical,-financial,-and/or-other-benefits,-dependent-on-the-level-and-position-offered.

  • Executive Leadership

    Our senior executives bring tremendous experience, visionary thinking and a shared commitment to excellence, creativity and innovation to the day to day operation of the company.

    Learn more 

  • Social Responsibility

    Explore our commitments and our work to create a better world through our stories, experiences, operations, and philanthropy.

    Learn more 

  • Inclusion

    At Disney, we want everyone to belong and thrive. Creating a welcoming and respectful environment for our employees and guests is core to our company culture and our business. We strive to build supportive work environments that drive innovation and reinforce a culture in which all employees feel welcome, respected, and valued.

    Learn more 

  • Heroes Work Here

    Heroes Work Here reflects the long history of respect and appreciation Disney has for the U.S. Armed Services. We recognize the commitment and dedication it takes to serve your country, both as military personnel and military spouses, and value the leadership skills and sense of purpose it has instilled in you.

    Learn more 

Sign Up for Job Alerts

Get the latest job opportunities as they become available.

Watch Our Jobs

An asterisk indicates a required field.

Interested InSelect a job category from the list of options. Select a location from the list of options. Finally, click “Add” to create your job alert.

By clicking "Submit", you agree to our Terms of Use and acknowledge that you have read our Privacy Policy.

By clicking "Submit", you agree to our Terms of Use and acknowledge that you have read our Privacy Policy. If I have elected to receive marketing messages or newsletters, I may withdraw my consent for these marketing messages at any time.

By clicking "Submit", you agree to our Terms of Use and acknowledge that you have read our Privacy Policy, Cookies Policy and EU Privacy Rights.

How we use your personal information and your rights:

  1. Your personal information is controlled by The Walt Disney Company Limited of 3 Queen Caroline Street, London, W6 9PE, United Kingdom.
  2. When you visit or shop with Disney or use any Disney product, service or mobile application, other members of The Walt Disney Company Family of Companies may also use your information to provide you these services, personalise your experience and send you service related updates and communications.
  3. You have a number of rights including the right to request access to, change, or remove your personal information, or to change your marketing preferences (including withdrawing your consent at any time.) Please see our Privacy Policy to learn more about managing your marketing preferences or deleting your account.
  4. Our Data Protection Officer can be contacted by emailing: dataprotection@disney.co.uk.
  5. You have a right to lodge a complaint with the UK Information Commissioner's Office: https://ico.org.uk/.
  6. For more information about Disney's data collection and use practices please read Disney's Privacy Policy.

By clicking "Submit", you agree to our Terms of Use and acknowledge that you have read our Privacy Policy and Collection Statement.

For more information about our general data collection, use, and practices, including how to manage your preferences, please read our Privacy Policy. I have read and agree to the Terms of Use.