Drive the evolution of Disney's InfoSec GRC program from a compliance-centric model to a dynamic, risk-intelligence-led capability that informs enterprise investment and prioritization decisions
Define and elevate GRC standards by introducing innovative approaches to risk quantification, compliance automation, and integrated governance
Partner with GIS and segment technology leadership to position GRC as a strategic business enabler, translating complex risks into actionable, executive-ready insights
Champion a culture where risk awareness is embedded into daily decision-making, enabling intuitive and scalable risk-informed behaviors across the enterprise
Risk Management Leadership
Lead the design, implementation, and continuous improvement of Disney's enterprise InfoSec Risk Management Framework
Establish and operationalize risk tolerance models, translating business objectives into clear prioritization, investment, and remediation decisions
Build and mature a centralized cybersecurity risk register integrating threat intelligence, vulnerabilities, and third-party risk data
Drive risk-based prioritization across InfoSec functions to ensure measurable risk reduction and alignment to enterprise objectives
Deliver clear, credible, and decision-ready risk reporting to executive leadership and the Board, including financial risk quantification (e.g., FAIR)
Governance Program Leadership
Oversee the full lifecycle of InfoSec policies, standards, and guidelines, ensuring they are risk-based, actionable, and aligned with business needs
Embed governance controls into the technology lifecycle (e.g., DevSecOps , cloud, infrastructure-as-code), reducing reliance on manual processes through automation
Establish a policy effectiveness framework focused on behavioral change and measurable risk reduction
Define and advance governance strategies for emerging technologies, including AI/ML, quantum security, and autonomous systems
Lead enterprise maturity assessments (e.g., NIST CSF) to identify gaps and inform strategic investment decisions
Compliance Program Leadership
Provide oversight of global regulatory and contractual compliance programs (e.g., SOX, PCI, GDPR, ISO), ensuring consistency and scalability
Build and operationalize a "compliance-as-a-service" model that enables self-service, automates evidence collection, and minimizes burden on engineering teams
Monitor and anticipate changes in the regulatory landscape, proactively positioning Disney to meet evolving requirements
Organizational Leadership
Lead, develop, and scale a high-performing global GRC organization, fostering a culture of accountability, innovation, and continuous improvement
Drive organizational excellence through strong leadership, talent development,
Benefits
Dental insuranceVision insurance
Additional Information
Job Posting Title:
Executive Director, InfoSec Governance, Risk, and Compliance
Req ID:
10152675
Job Description:
At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
Team Description:
The Global Information Security (GIS) group provides services to protect the value and use of Disney's information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are: Reduce the risk of both accidental and malicious data disclosure; Identify , monitor, engage with complete inventory of information; Establish appropriate policies and procedures to be followed; Educate user community to minimize risk.
Disney's InfoSec GRC team is seeking a transformational leader to drive the next evolution of Governance, Risk, and Compliance across the enterprise. Reporting to the VP of Information Security, this role will lead the shift from a traditional compliance-driven approach to a modern, risk-intelligence-led model that enables better business decisions, strengthens security posture, and scales with Disney's global technology and content ecosystem. This leader will partner closely with GIS and business leadership to embed risk awareness into daily operations, ensuring GRC is a strategic enabler of innovation-not a barrier.
Disney · Seattle, WA