VP, Cyber Security Assurance & ComplianceApply NowApply Later Job ID 10060816 Location Seattle, Washington, United States / Burbank, California, United States / Orlando, Florida, United States Business The Walt Disney Company (Corporate) Date posted Sep. 08, 2023
VP, Cyber Security Assurance & Compliance
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The VP, Cyber Security Assurance & Compliance provides the direction and strategy for protecting the confidentiality and integrity of TWDC systems through policy management and application security. This role also ensures that a comprehensive Cyber Security program is effectively managed by leveraging industry best practices to protect and prevent threats based upon business criticality and risk reduction.
As a member of the TWDC Global Information Security Leadership Team, collaborate with other leaders, to understand and align with ongoing risk posture, and drive security strategy and initiatives to ensure TWDC is current with industry trends, cost-effective, and in line with enterprise strategy. Ensure that Cyber Security program continues to mature by continuing to develop our cyber threat and operational capabilities, expanding our cloud security discipline, and driving down Cyber Security risk across all domains.
Responsibilities include, but are not limited to:
Develop trusted working partnerships within Technology and Business Leaders
Manage the overall secure application process across the development lifecycle
Scale application security services to support a variety of stakeholders to both reduce risk and serve customer requirements
Oversight of security tactical testing and solution support teams
Leading the development, publishing, and compliance of up-to-date security policies, standards, and guidelines
Drive identification, assessment, and remediation of strategic risk and compliance
Proactively monitor and escalate remediation of regulatory compliance and other risks
Communicate and create ongoing awareness with business leaders regarding risks, concerns, and priorities
Promote and drive appropriate controls and compliance accountability across the business
Work with the senior leadership to ensure risk and compliance initiatives are implemented, reviewed, maintained, and governed
Ensure appropriate and responsive risk and compliance integration with business activities (such as Software development process, security risk assessments, and strategic priorities)
Lead efforts to continually drive ongoing strategy, process, control, and capability improvements across Cyber Security functions
Drives innovation of security programs and underlying process and solutions to stay ahead of the threat landscape
Ensures rapid response to Cyber Security incidents from identification to eradiation in the environment and advances the program based upon Incident post mortem learnings
Partners with management in order to recruit, develop and retain high performance, geographically distributed team members and ensuring a training program and career planning occur regularly
Position involves significant executive interaction, and as such requires exceptional subject matter expertise, professional presence, communication, leadership and decision-making skills. The ability to develop trusted relationships with executive management and other professionals throughout the company is critical.
10+ years of relevant experience in information security or directly related field, at least four years must be in a senior leadership role.
Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or equivalent required
Certifications in one of more of the following - CISSP, CISM, CISA, CRISC, GPEN, CEH
Strong familiarity with information security, risk management, and IT governance standards and frameworks (e.g., NIST 800-53, ISO 27000, ISO 31000, etc.)
Experience in formal risk assessment and risk management practices
Experience with vulnerability analysis processes and best practices
Experience managing third-party risk, business continuity risk, and IT operational risk
Knowledge of specific technologies associated with data protection, data governance, artificial intelligence, cognitive thinking as well as cloud technologies (IAAS, PAAS), directory, database, federation, authorization, message integrity, authentication, provisioning, mobility, mobile applications, etc.
Advanced comprehension of cryptography components, standards and protocols such as PKI, Key management (software and hardware based), key lifecycle, digital certificates, SSL/TLS, SSH, integration into overall security architecture and means to operationalize
Broad awareness of security protocols including identity (federated identity protocols), access management, application security, encryption (at rest, in transit, in use) and regulations including cyber security legislation practices, privacy, restrictions of geographic locations, etc.
Understanding of network concepts TCP/IP, DNS, Load balancing, NTP, switching and routing
Large, complex implementation and deployment experience of security tools and programs.
Advanced degree is a plus
Knowledge of security-related legislation/regulations with emphasis on Sarbanes-Oxley, PCI, and privacy.
Knowledge of vulnerability management, Network, and Host-based intrusion detection, anti-virus, and anti-spyware solutions and monitoring processes.
Proven executive leadership within a complex organization holding a high-profile global brand.
Demonstrated excellence in client/partner relationship management with Senior Executives in a Fortune 100 company.
The hiring range for this position in Seattle, WA, Burbank, CA, and Orlando, FL is $241,490 to $323,950 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: Disney Entertainment, ESPN, Disney Parks, and Experiences and Products. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability, protected veteran status or any other basis prohibited by federal, state or local law. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.
Watch Our Jobs
Sign up to receive new job alerts and company information based on your preferences.