Manager, Information Security Compliance

Department Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to :

Secure the Magic by protecting information systems and platforms.

Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.

Strengthen the business through optimizing execution, application, and technology used to protect the Company.

Innovate by investing in core capabilities to enhance operational efficiency.

Team Description :

Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers.

What You'll Do :

Independent audit support for :

SOX 404 ITGCs

PII

PCI

ISPS

Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs.

Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and / or other assessments.

Develop and lead the Control Assurance Programs (ISPS and SOX).

Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding.

Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls.

This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control.

Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment.

Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products)

Ensure for timely management response of audit findings into our corporate SOCD / SAD.

Oversee ISPS Management Audit coordination and open action plans.

Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands.

Management of GRC workflows around coordination of certifications and attestations.

Partner with leadership to support the PCI-DSS compliance program.

Develop training materials, coordinate training sessions, and monitor compliance with training requirements.

Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently.

Assign tasks and projects to team members based on priorities, deadlines, and individual strengths.

Provide executive level updates on Compliance programs

Must Haves (Years of Experience, languages, programs, tools, etc.) :

Minimum of 8 years of related work experience, with 3 in management roles

IT SOX experience and proven experience in supporting IT audit / compliance functions

Experience in managing people

Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives

Interpersonal skills with the ability to work with teams cross-functionally

Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators

Detail-oriented but able to understand the big picture. Highly organized and efficient

Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments

Experience with cloud-based services, specifically AWS

Nice To Haves (see above) :

Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR

Experience working with companies that have a heavy microservice architecture

Education :

Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and / or equivalent work experience

The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and / or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and / or other benefits, dependent on the level and position offered.

Job ID : 10135782

Location : Glendale,California

Job Posting Company : The Walt Disney Company (Corporate)

The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, email Candidate.Accommodations@Disney.com with your request. This email address is not for general employment inquiries or correspondence. We will only respond to those requests that are related to the accessibility of the online application system due to a disability.