VP, Cyber Security Assurance & Compliance

Key Skills

Aartificial intelligence, Cyber Security, Employee life cycle, High performance computing- HPC, IaaS, Leadership Skill, Management, PaaS

Job Description

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The VP, Cyber Security Assurance & Compliance provides the direction and strategy for protecting the confidentiality and integrity of TWDC systems through policy management and application security. This role also ensures that a comprehensive Cyber Security program is effectively managed by leveraging industry best practices to protect and prevent threats based upon business criticality and risk reduction.

As a member of the TWDC Global Information Security Leadership Team, collaborate with other leaders, to understand and align with ongoing risk posture, and drive security strategy and initiatives to ensure TWDC is current with industry trends, cost-effective, and in line with enterprise strategy. Ensure that Cyber Security program continues to mature by continuing to develop our cyber threat and operational capabilities, expanding our cloud security discipline, and driving down Cyber Security risk across all domains. 

Responsibilities include, but are not limited to:

• Develop trusted working partnerships within Technology and Business Leaders
• Manage the overall secure application process across the development lifecycle
• Scale application security services to support a variety of stakeholders to both reduce risk and serve customer requirements
• Oversight of security tactical testing and solution support teams
• Leading the development, publishing, and compliance of up-to-date security policies, standards, and guidelines
• Drive identification, assessment, and remediation of strategic risk and compliance
• Proactively monitor and escalate remediation of regulatory compliance and other risks
• Communicate and create ongoing awareness with business leaders regarding risks, concerns, and priorities
• Promote and drive appropriate controls and compliance accountability across the business
• Work with the senior leadership to ensure risk and compliance initiatives are implemented, reviewed, maintained, and governed
• Ensure appropriate and responsive risk and compliance integration with business activities (such as Software development process, security risk assessments, and strategic priorities)
• Lead efforts to continually drive ongoing strategy, process, control, and capability improvements across Cyber Security functions
• Drives innovation of security programs and underlying process and solutions to stay ahead of the threat landscape
• Ensures rapid response to Cyber Security incidents from identification to eradiation in the environment and advances the program based upon Incident post mortem learnings
• Partners with management in order to recruit, develop and retain high performance, geographically distributed team members and ensuring a training program and career planning occur regularly

Position involves significant executive interaction, and as such requires exceptional subject matter expertise, professional presence, communication, leadership and decision-making skills. The ability to develop trusted relationships with executive management and other professionals throughout the company is critical.

Required Qualifications:

• 10+ years of relevant experience in information security or directly related field, at least four years must be in a senior leadership role.
• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or equivalent required
• Certifications in one of more of the following - CISSP, CISM, CISA, CRISC, GPEN, CEH
• Strong familiarity with information security, risk management, and IT governance standards and frameworks (e.g., NIST 800-53, ISO 27000, ISO 31000, etc.)
• Experience in formal risk assessment and risk management practices
• Experience with vulnerability analysis processes and best practices
• Experience managing third-party risk, business continuity risk, and IT operational risk
• Knowledge of specific technologies associated with data protection, data governance, artificial intelligence, cognitive thinking as well as cloud technologies (IAAS, PAAS), directory, database, federation, authorization, message integrity, authentication, provisioning, mobility, mobile applications, etc.

• Advanced comprehension of cryptography components, standards and protocols such as PKI, Key management (software and hardware based), key lifecycle, digital certificates, SSL/TLS, SSH, integration into overall security architecture and means to operationalize
• Broad awareness of security protocols including identity (federated identity protocols), access management, application security, encryption (at rest, in transit, in use) and regulations including cyber security legislation practices, privacy, restrictions of geographic locations, etc.
• Understanding of network concepts TCP/IP, DNS, Load balancing, NTP, switching and routing
• Large, complex implementation and deployment experience of security tools and programs.

Desired Qualifications:

• Advanced degree is a plus
• Knowledge of security-related legislation/regulations with emphasis on Sarbanes-Oxley, PCI, and privacy.
• Knowledge of vulnerability management, Network, and Host-based intrusion detection, anti-virus, and anti-spyware solutions and monitoring processes.
• Proven executive leadership within a complex organization holding a high-profile global brand.
• Demonstrated excellence in client/partner relationship management with Senior Executives in a Fortune 100 company.

The hiring range for this position in Seattle, WA, Burbank, CA, and Orlando, FL is $241,490 to $323,950 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: Disney Entertainment, ESPN, Disney Parks, and Experiences and Products. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.