Executive Director, Information Security
応募 後で応募 Job ID 10151183 勤務地-都市 グレンデール, カリフォルニア州, アメリカ合衆国 / ニューヨーク, ニューヨーク州, アメリカ合衆国 / シアトル, ワシントン州, アメリカ合衆国 / Lake Buena Vista, フロリダ州, アメリカ合衆国 勤務地-国 The Walt Disney Company (Corporate) 掲載日 2026/05/26仕事内容:
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
Team Description:
The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are: Reduce the risk of both accidental and malicious data disclosure; Identify, monitor, engage with complete inventory of information; Establish appropriate policies and procedures to be followed; Educate user community to minimize risk.
Disney’s InfoSec GRC team is seeking a transformational leader to drive the next evolution of Governance, Risk, and Compliance across the enterprise. Reporting to the VP of Information Security, this role will lead the shift from a traditional compliance-driven approach to a modern, risk-intelligence-led model that enables better business decisions, strengthens security posture, and scales with Disney’s global technology and content ecosystem. This leader will partner closely with GIS and business leadership to embed risk awareness into daily operations, ensuring GRC is a strategic enabler of innovation—not a barrier.
What You'll Do
Transform GRC at Disney
Drive the evolution of Disney’s InfoSec GRC program from a compliance-centric model to a dynamic, risk-intelligence-led capability that informs enterprise investment and prioritization decisions
Define and elevate GRC standards by introducing innovative approaches to risk quantification, compliance automation, and integrated governance
Partner with GIS and segment technology leadership to position GRC as a strategic business enabler, translating complex risks into actionable, executive-ready insights
Champion a culture where risk awareness is embedded into daily decision-making, enabling intuitive and scalable risk-informed behaviors across the enterprise
Risk Management Leadership
Lead the design, implementation, and continuous improvement of Disney’s enterprise InfoSec Risk Management Framework
Establish and operationalize risk tolerance models, translating business objectives into clear prioritization, investment, and remediation decisions
Build and mature a centralized cybersecurity risk register integrating threat intelligence, vulnerabilities, and third-party risk data
Drive risk-based prioritization across InfoSec functions to ensure measurable risk reduction and alignment to enterprise objectives
Deliver clear, credible, and decision-ready risk reporting to executive leadership and the Board, including financial risk quantification (e.g., FAIR)
Governance Program Leadership
Oversee the full lifecycle of InfoSec policies, standards, and guidelines, ensuring they are risk-based, actionable, and aligned with business needs
Embed governance controls into the technology lifecycle (e.g., DevSecOps, cloud, infrastructure-as-code), reducing reliance on manual processes through automation
Establish a policy effectiveness framework focused on behavioral change and measurable risk reduction
Define and advance governance strategies for emerging technologies, including AI/ML, quantum security, and autonomous systems
Lead enterprise maturity assessments (e.g., NIST CSF) to identify gaps and inform strategic investment decisions
Compliance Program Leadership
Provide oversight of global regulatory and contractual compliance programs (e.g., SOX, PCI, GDPR, ISO), ensuring consistency and scalability
Build and operationalize a “compliance-as-a-service” model that enables self-service, automates evidence collection, and minimizes burden on engineering teams
Monitor and anticipate changes in the regulatory landscape, proactively positioning Disney to meet evolving requirements
Organizational Leadership
Lead, develop, and scale a high-performing global GRC organization, fostering a culture of accountability, innovation, and continuous improvement
Drive organizational excellence through strong leadership, talent development, and a focus on delivering scalable, forward-looking solutions
What You’ll Bring
Must-Have Qualifications
You will have 12+ years of progressive experience in cybersecurity, technology risk, or compliance, including 3+ years leading enterprise-scale GRC functions
You will bring structured problem-solving, audit rigor, and enterprise advisory experience
You will have industry experience within large, complex organizations, with the ability to operate effectively in highly matrixed environments
You will have a proven track record of transforming GRC programs into risk-driven operating models that influence enterprise decision-making
You will have deep expertise across risk management, governance, and compliance, including frameworks, policy lifecycle, automation, audit, and controls assurance)
You will have strong working knowledge of industry frameworks and regulations, including NIST CSF, NIST 800-53, ISO 27001, PCI DSS 4.0, SOX ITGC, and GDPR
You will have demonstrated executive presence and exceptional influence skills, with the ability to operate as a trusted advisor to senior leadership and translate complex technical risk into clear business insights
You will have experience applying financial risk quantification methodologies (e.g., FAIR) to support investment and prioritization decisions
You will have a strong customer-focused mindset, ensuring GRC solutions enable the business and enhance—not hinder—user and product experiences
You will have experience leading in highly matrixed, global environments, driving alignment across engineering, security, and business stakeholders
Leadership & Transformation Profile (Critical for Success)
You will have a mindset of a thought partner—not just an operator—bringing a strategic, forward-looking perspective to GRC
You will have a track record of asking hard questions, challenging legacy ways of working, and driving meaningful change across organizations
You will have the ability to connect cost, customer experience, and operational efficiency into a cohesive, risk-informed strategy
You will have demonstrated success leading large-scale transformation initiatives, influencing without authority, and driving adoption across complex organizations
Technical Expertise
You will have advanced expertise in audit methodologies, controls testing, and assurance processes, including ITGCs and automated control environments (must have qualification)
You will have hands-on experience with leading GRC platforms (e.g., Archer, ServiceNow GRC, SailPoint)
You will have a strong understanding of cloud security and compliance across AWS, Azure, and GCP environments
You will have familiarity with DevSecOps practices and integrating security and governance into software development and infrastructure pipelines
Nice-to-Have Qualifications
You may have experience within media, entertainment, or similarly complex, consumer-facing industries
You may have experience from a Big 4 consulting firm.
You may have experience advancing emerging risk domains such as AI/ML governance, third-party risk, or next-generation compliance capabilities
Education
You will have a bachelor’s degree in computer science, information security, or a related field—or equivalent practical experience (education)
You may have advanced degrees or relevant certifications (e.g., CISSP, CISM, CRISC) (education)
The hiring range for this position in Orlando, FL is $197,500 to $265,000 per year and in Glendale,CA is $207,400 to $278,200 per year. The hiring range for this position in Seattle, WA is $217,300 to $291,500 per year and in New York, NY is $217,300 to $291,500 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
The Walt Disney Company (Corporate) について:
The Walt Disney Companyでは強力なブランドが集結し、最も革新的で、広範囲にわたる影響力と尊敬される企業をグローバルで構築しています。記憶に残るエンターテインメントと体験の裏では、才能ある人材で構成された多種多様なビジネスサポートチームが、ディズニーの比類なきストーリーに生命を吹き込むために尽力しています。
The Walt Disney Company について:
The Walt Disney Companyは、その子会社・関連会社とともに、多様性あふれる国際企業として、Disney Entertainment、ESPN、Disney Experiencesの3事業を柱に、ファミリー向けエンターテインメントとメディアの世界をけん引しています。1920年代に小さなアニメ・スタジオとしてスタートしたDisneyは、今日のエンターテインメント業界において卓越した存在となりました。ディズニーは今後も、子供から大人まで、ご家族のだれもが楽しめる一流の物語や体験を生み出し続けます。Disneyのストーリーやキャラクター、体験は、世界中のあらゆる場所の消費者やお客様に届けられています。当社は40カ国以上で、従業員とキャストメンバーが一丸となり、世界的にも地域的にも歓迎されるエンターテインメント体験を創出しています。
このポジションは Disney Worldwide Services, Inc. という事業部門の一つである The Walt Disney Company (Corporate)でのお仕事です。
Disney Worldwide Services, Inc. は機会均等雇用主です。応募者は、人種、宗教、肌の色、性別、性的指向、ジェンダー、性自認、性表現、国籍、家柄、年齢、配偶者の有無、軍役経験の有無やその地位、健康状態、遺伝情報や障がい、または連邦法や州法、地方法で禁止されているその他の法的根拠に関係なく、雇用の検討対象となります。Disneyは、すべての人々のアイデアと決断が、成長、革新、最高のストーリーの創造に役立ち、絶えず進化する世界において、価値ある存在になれるよう支援するビジネス環境を支持します。