Executive Director, Info Security

Job ID 10152675 Location Seattle, Washington, United States / Glendale, California, United States / New York, New York, United States / Orlando, Florida, United States Business The Walt Disney Company (Corporate) Date posted May 29, 2026

Apply Now

Job Summary:

Department Description

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world - a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, TV, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology & Data mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. Global Information Security (GIS) provides services to protect the value and use of Disney’s information through collaboration, empowerment, and education across The Walt Disney Company.

Team Description:

At Disney, innovation and imagination fuel everything we do. The InfoSec Governance, Risk & Compliance (GRC) team is not just a guardian of standards - we are leaders who drive the evolution of information security. As a strategic powerhouse in the GIS organization, our mission transcends compliance, setting new benchmarks for risk intelligence, automation, and integrated governance. We aim to redefine what “great” looks like, pioneering visionary approaches that shape how Disney (and the industry) understands and manages security risk.

The GRC team is the pulse of Disney’s enterprise technology ecosystem. We don’t just follow regulatory mandates; we leap ahead, leveraging data-driven insights, advanced risk quantification, and automated control frameworks to empower business leaders and technologists. Our collaborative culture ensures that every corner of GIS speaks a unified risk language, propelling risk-aware thinking to the forefront of daily business decisions and fueling cross-company innovation.

By joining this team, you become a change agent, transforming GRC from a “checkbox” function to a dynamic, strategic enabler. You will lead and inspire a diverse, high-performing group that anticipates emerging risk domains, shapes industry-leading policy design, and drives measurable, business-aligned security outcomes. If your passion is to advance, not just meet, industry standards, and to make a lasting impact on a legendary brand’s global footprint, the InfoSec GRC team at Disney is your stage.

Responsibilities of Role (List in order of priority, first few bullets should be the most important):

Transform GRC at Disney
- Drive continous evolution of Disney’s InfoSec GRC program, replacing compliance-centric, checkbox-driven operations with a dynamic, risk-intelligence-led model that directly informs how Disney prioritizes investment, staffing, and remediation.
- Define what “great” looks like, not by referencing existing standards but by advancing them. Develop novel approaches to risk quantification, compliance automation, and governance integration.
- Partner with GIS Leadership and Segment CTO teams to ensure the GRC program functions as a strategic business enabler, translating complex risk landscapes into executive- and board-ready insights that drive confident decision-making.
- Champion a culture shift across all of GIS and the broader enterprise: risk awareness is everyone’s job, and GRC’s role is to make risk-informed thinking intuitive, not burdensome.

Risk Management Leadership
- Oversee the development and ongoing operations of Disney’s comprehensive InfoSec Risk Management program, including the establishment, implementation, and continuous improvement of the enterprise Risk Management Framework.
- Establish and operationalize risk tolerance frameworks in partnership with executive leadership, defining clear thresholds that translate business appetite into actionable security investment and prioritization decisions.
- Build and mature a cybersecurity risk register that serves as the authoritative source of truth for Disney’s threat and control posture, dynamically integrated with threat intelligence, vulnerability management, and third-party risk inputs.
- Drive risk-based prioritization across all InfoSec operational functions (engineering, red team, SOC, cloud security, etc.) - ensuring that every team’s roadmap is anchored in defensible risk reduction rationale, not reactive urgency.
- Develop executive and board-level risk reporting that is clear, credible, and decision-ready; ensure Disney’s risk narrative is consistent from the CISO to the Audit Committee.
- Lead efforts to quantify InfoSec risk in financial terms (FAIR or equivalent), enabling direct comparison of security investment across Disney’s ubiquitous businesses and against measurable risk reduction outcomes.
- Lead a third-party and supply chain risk intelligence capability that goes beyond questionnaire-based assessments by integrating continuous external attack surface monitoring, threat intelligence on vendor compromise activity, and contractual control requirements into a unified third-party risk posture.

Governance Program Leadership
- Oversee the development, maintenance, and lifecycle management of enterprise-wide Information Security policies, standards, and guidelines, ensuring they are risk-based, clear, and aligned to business realities (not just regulatory checklists).
- Drive automated policy enforcement and integration of governance requirements into the technology design lifecycle (DevSecOps, cloud provisioning, infrastructure-as-code, etc.), reducing reliance on manual control operations and attestation.
- Lead the development of a policy effectiveness measurement framework that moves beyond “is the policy published and attested to?” toward “is the policy actually changing behavior and reducing risk?” (tracked via control telemetry, exception rates, and risk outcome data).
- Pioneer a forward-looking policy architecture that anticipates emerging technology risk domains (AI/ML model governance, quantum-safe cryptography transition, agentic automation).
- Oversee annual NIST CSF assessments and provide rigorous, actionable reporting to the CISO and senior leadership on program maturity and investment gaps.
- In partnership with ISO teams, lead the Governance team in providing consultation to segments and business units, ensuring security requirements are understood, contextualized, and achievable - not perceived as obstacles.

Compliance Program Leadership
- Provide oversight across all regulatory, contractual, and policy compliance programs, including SOX 404, PCI DSS, K-ISMS, GDPR, COPPA, ISO 27001, and more.
- Build compliance-as-a-service capabilities for technology teams: engineers and product owners access a self-service portal to understand what compliance requirements apply to their system, what controls are already satisfied by platform-level implementations they inherit, what evidence is auto-collected on their behalf, and what residual actions remain — compliance burden on tech teams is measured and systematically driven toward zero.
- Proactively monitor the regulatory horizon: identify emerging requirements before they become mandates, and position Disney to comply with confidence rather than scrambling.

Organizational Leadership
- Lead, develop, and inspire a high-performing organization of ~40+ professionals across Governance, Compliance, and Risk Management.
- Model and demand intellectual rigor, ownership, and a continuous improvement mindset - leading a team that challenges assumptions, identifies root causes, and delivers scalable and dynamic solutions.

Must Haves (Years of Experience, languages, programs, tools, etc.):

Experience & Expertise
- 12+ years of progressive experience in cybersecurity, technology risk, or technology compliance, with a minimum of 3 years in leadership roles overseeing GRC functions at enterprise scale.
- Demonstrated track record of building and transforming GRC programs, moving organizations to risk-driven operating models.
- Deep expertise across the full GRC spectrum: risk management (frameworks, quantification, reporting), governance (policy lifecycle, automated enforcement, metrics), and compliance (regulatory audit management, controls assurance, overall audit alignment).
- Extensive knowledge of information security risk, governance, and control frameworks: NIST CSF, NIST 800-53, ISO/IEC 27001, PCI DSS 4.0, SOX ITGC, GDPR.
- Proven executive presence: ability to command a room, build trust with senior leadership, and translate highly technical risk concepts into clear business language.
- Strong experience in risk quantification methodologies (FAIR or equivalent) and experience driving financial-terms risk reporting for executive audiences.

Technical Knowledge
- Expert-level understanding of security audit methodologies, controls testing, and assurance processes across both IT general controls (ITGCs) and automated application controls.
- Hands-on familiarity with implementing and operating GRC tooling and platforms (Archer, SailPoint, ServiceNow GRC, or equivalent).
- Solid understanding of cloud security architecture and the compliance implications of cloud-native environments (IaaS, PaaS, SaaS) across major providers (AWS, Azure, GCP).
- Familiarity with DevSecOps practices and the integration of security governance and compliance controls into software development and infrastructure deployment pipelines.

Nice To Haves (see above):

Experience in the Media & Entertainment, Sports, Hospitality, and/or Retail industries.
An understanding of the unique regulatory, content protection, and consumer-facing risks and compliance requirements of a global entertainment brand.
Big 4 accounting firm experience (audit or advisory) with direct exposure to Fortune 100 technology and security compliance programs.
CPA certification (active or expired).
Experience operating in a large, complex, matrixed enterprise with multiple business segments, regulatory regimes, and stakeholder groups.

Education:

Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience.
One or more of the following certifications required: CISSP, CISM, CISA, CRISC.

The hiring range for this position in Orlando, FL is $197,500 to $265,000 per year and in Glendale,CA is $207,400 to $278,200 per year. The hiring range for this position in Seattle, WA is $217,300 to $291,500 per year and in New York, NY is $217,300 to $291,500 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

Apply Now

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world.

DISABILITY ACCOMMODATION FOR EMPLOYMENT APPLICATIONS

The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, visit the Disney candidate disability accommodations FAQs. We will only respond to those requests that are related to the accessibility of the online application system due to a disability.

Having technical issues? View the FAQs for help.

Hiring Process

Where Does Your Story Begin?

Explore Disney Careers and the Life at Disney blog to learn about all the amazing opportunities waiting to be discovered at The Walt Disney Company.
Be Part of the Story

There are many different brands and businesses to explore. Once you've found the opportunity that is right for you, take the next step by completing your application.
The Next Chapter

Once you've applied, you will receive an email allowing you to access your candidate dashboard. Create your login and make sure to check your dashboard often to see your application progress.

Explore this Location Seattle, WA

With a thriving food-and-drink scene, eclectic neighborhoods and a stunning coastal setting, Seattle is a dynamic urban enclave nestled in the Pacific Northwest. The city is bounded by Lake Washington in the east and Puget Sound to the west, an ideal location for water recreation and sight-seeing cruises.