Skip to main content

Director, Information Security

Orlando, Florida, United States / Lake Buena Vista, Florida, United States

Apply NowApply Later


Job ID 931388BR Location Orlando, Florida, United States / Lake Buena Vista, Florida, United States Business Walt Disney World Resort Date posted Mar. 08, 2022

Job Summary:

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
​​​​
We are looking to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The Director, Information Security is responsible for executing the Cybersecurity strategy for the DPEP Risk and Compliance programs. In this role, the Director will play a key role in ensuring the DPEP Segment is aligned to the Disney Information Security Policies & Standards. The Director will be responsible for ensuring a frictionless Risk Assessment and Compliance program with the goal of implementing preventive, detective, and corrective controls to mitigate risks within acceptable levels. The Director will work with Business and Technology stakeholders to balance risks with the business drivers of revenue generation, cost reduction, speed, agility, effectiveness, and efficiency. The Director will act as an empowered representative of the Information Security Officer during Technology planning initiatives to ensure security measures are incorporated into Technology projects. Lead, support, and mentor business and technology teams in secure development practices. Lead and deliver Segment specific security training and awareness programs.

Responsibilities:

This position interacts with Internal Audit, External Audit firms, Data Privacy, Legal, Leadership, and other stakeholders across the Segment. This role will be involved in the overall Technology Controls & Compliance program through various control audit, assurance, and compliance programs.
  • Develop and lead strategies for the governance, risk, and compliance functions across the Business Segment.
  • Lead a high performing team of Cybersecurity and Compliance professionals.
  • Act as a Cybersecurity and IT controls Compliance subject matter expert within the Business Segment and Global Information Security organization.
  • Develop and implement processes to ensure information systems are implemented and maintained according to Company policies and regulatory requirements.
  • Ensure exposure to cybersecurity risks are identified and managed at an acceptable level.
  • Execute the Business Segment governance framework for cybersecurity risk, including identifying risks and awareness, and provide briefings to senior leaders to advise them of critical issues that may affect the business or security posture.
  • Maintain a security risk registry with clearly defined owners and timelines for each risk.
  • Present and shepherd new policies through GIS security governance process and communicate and advocate newly approved policies within the Segment.
  • Develop and manage the third-party Security oversight program, including the risk assessment of supplier/vendor security controls to protect our data and ongoing monitoring for compliance to our cybersecurity policies and standards.
  • Lead, support, and mentor business and technology teams in secure development practices.
  • Lead and deliver Segment specific security training and awareness programs.
  • Lead the team that manages, coordinates, tracks, and reports all cybersecurity-related external assessments and internal audits including action plans and responses. Assist Segment leadership in developing responses to external and internal audit findings.
  • Partner with various teams to identify required controls and develop risk mitigation plans.
  • Build solid working relationships with stakeholders to maintain and improve security posture.
  • Coordinate and prepare reports for leadership on Cybersecurity risks and Compliance program status. Presents reports and issues to leadership through formal presentations as needed.
  • Stay informed about Cybersecurity and Compliance trends and directions.
  • Achieve financial budget commitments and targets.

Basic Qualifications:

  • Four-year college degree in Cybersecurity, Information Technology, Business, or related work experience. Advanced degree is a plus.
  • 10+ years of Cybersecurity and Risk Management experience.
  • In-depth familiarity with risk methodologies, industry security-related frameworks, such as NIT CSF.NIS 800.53, SOC 2 Trust Principles, and PCI Data Security Standard.
  • Good understanding of popular application security standards including OWASP TOP 10 and SANS TOP 25.
  • Proven executive leadership within a complex organization holding a high profile global brand.
  • Experience leading change in a dynamic environment and ability to build consensus.
  • Demonstrated excellence in client/partner relationship management with Senior Executives.
  • Interpersonal and collaborative skills to establish and maintain effective working relationships.
  • Ability to communicate security and risk-related concepts in a business context.
  • Strong technical acumen across cloud providers.
  • Demonstrated ability to develop and mentor teams.
  • Demonstrated inclusive leadership that embraces diversity.
  • Proven financial management experience.
  • Demonstrated professional written, verbal, and presentation communications skills.
  • Certifications in one of more of the following - CISSP, CISM, CRISC, CEH

About Walt Disney World Resort:

Since opening in 1971, Walt Disney World Resort has played an important role in many childhood and family memories. Today, hundreds of millions of guests from around the globe visit this magical place to enjoy a Disney vacation. Through a combination of creativity, innovation and technology, the resort immerses guests in classic Disney tales and new kinds of family entertainment. Drawing from a rich heritage of storytelling, Walt Disney World Resort cast members bring Disney magic to life through unmatched attention to detail and superior guest service.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call Walt Disney World Resort.

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply Now Apply Later

Watch Our Jobs

Sign up to receive new job alerts and company information based on your preferences.

For Disney Job Alerts to work, JavaScript must be enabled in your browser.