Manager Enterprise Security Compliance

Department Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) group provides services to protect the value and use of Disney's information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are:

• Reduce the risk of both accidental and malicious data disclosure
• Identify, monitor, engage with complete inventory of information
• Establish appropriate policies and procedures to be followed
• Educate user community to minimize risk

Team Description:

The GIS Compliance team oversees ongoing security programs to evaluate the health of TWDC's control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements (Payment Card Industry, SOX, General Data Protection Regulations, Third Party Assessment) for TWDC.

Responsibilities of Role:

• Define, drive, and enhance the strategic direction for IT security compliance programs
• Oversee team performance and ensure achievement of results
• Work closely with leaders across the organization to align dependencies and identify synergies
• Independently oversee daily tasks and address conflicts within a team
• Demonstrate leadership through collaboration, influence and creative thinking
• Partner with IT, legal, security and management teams to drive results
• Ensure compliance requirements are fully met, documented, and communicated accurately

Must Haves (Years of Experience, languages, programs, tools, etc.):

• 8+ years of IT audit, or IT security and/or compliance experience
• 2+ years leading and managing teams
• Prior experience working within a global media, entertainment organization or fortune 100 company
• Proven experience leading audits/assessments with complex environments
• Solid experience interpreting and auditing external security regulations
• Ability to assess risk, make informed decisions, and anticipate potential compliance challenges
• Ability to stay up to date with industry trends, emerging laws and new compliance requirements
• Effective at managing time and prioritizing tasks effectively - balancing multiple priorities under tight deadlines
• Good analytical and problem-solving skills
• Excellent written, verbal, and visual communication for partners (internal & external) in all roles and levels
• Ability to establish credibility and coordinate partnerships across segments
• Security certification (CISSP, CISA, GSEC) or comparable certification

Nice To Haves:

• Master's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study

Education:

• Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this position in California, Seattle and New York is $138,900.00 - $186,200.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.