Skip to main content

Manager, Enterprise IT Compliance Programs

Burbank, California, United States

Apply NowApply Later


Job ID 943198BR Location Burbank, California, United States Business The Walt Disney Company (Corporate) Date posted Mar. 17, 2022

Job Summary:

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Burbank, CA – Seattle, WA – Orlando, FL.

To ensure that our services keep The Walt Disney Company (TWDC) secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies/standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

Information Security (IS) Governance, Risk Management, & Compliance provide organizational structure, processes, and oversight to ensure policies, standards, and management practices meet information security objectives. IS Compliance runs ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting.

The Manager, Enterprise IT Compliance Programs role is critical to ensuring TWDC meets all compliance requirements across a complex and diverse payment environment. Candidates must have a strong understanding of payment processing fundamentals and related Payment Card Industry (PCI) technology controls. Experience with these processes and controls in the context of an audit or assessment is preferred.

The department develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Reviews and enhances network systems and processes for compliance with external regulations and internal standards. Proactively identifies non-conforming areas and assesses risk. Recommends and implements compliance measures. Provides leadership on compliance issues to solve challenging security compliance problems. Ensures documentation and reporting in support of analysis. Stays current on evolving legislative / regulatory changes related to security compliance.

Responsibilities:

The Manager, Enterprise IT Compliance Programs is primarily responsible for overseeing internal and external assessment activities including TWDC’s annual PCI audit. The role includes analyzing and interpreting current control requirements, facilitating and overseeing assessment activities, sustaining stakeholder relationships, determining assessment scoping and requirements, problem solving, and providing consulting services. The role also includes the development of new assessment processes to address platforms/systems presenting risk to TWDC.

Key accountabilities include:
  • Candidates must have a strong understanding of payment processing fundamentals and related Payment Card Industry (PCI) technology controls. Experience with these processes and controls in the context of an audit or assessment is preferred.
  • Determining assessment scope and monitoring segment performance during assessment.
  • Validating scoping and key controls for business units performing self-assessment.
  • Reporting assessment status, reporting control findings, and identifying risk indicators.
  • Executing projects to improve visibility to PCI control operating effectiveness.
  • Serving as a key PCI compliance advocate across the enterprise.
  • Sustaining and improving TWDC’s ability to articulate scope, requirements, and accountabilities to achieve PCI compliance, annually.
  • Signatory validation and integration with TWDC Legal.
  • Merchant account identification and integration with TWDC ECP (Enterprise Consumer Payments).
  • Sustaining stakeholder relationships (e.g., business unit, technology organization, information security).
  • Developing control assessment processes that reduce risk and improve efficiency.
  • Managing program administration (e.g., budget, forecasts, vendor invoicing, etc.)

Basic Qualifications:

  • SME PCI DSS - Subject matter expertise knowledge of Payment Card Industry Data Security Standard (PCI DSS)
  • 5 years in an Information Security Leadership role accountable for staff members.
  • 2 to 3 years in an Information Security Compliance and/or Control Assessment role that would include developing and implementing control assessment processes.
  • Working knowledge of the most common Information Security controls
  • Ability to analyze and interpret information and communicate effectively to all levels of leadership

Preferred Qualifications:

  • Enterprise project/assessment management experience
  • International experience
  • Merger/acquisition experience

Required Education

  • B.S in related field and/or equivalent professional experience
  • Information Security Certification such as CISSP, PCIP, CISA, etc. preferred

Additional Information:

#DISNEYTECH
#LI-JP4

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply Now Apply Later

Watch Our Jobs

Sign up to receive new job alerts and company information based on your preferences.

For Disney Job Alerts to work, JavaScript must be enabled in your browser.